Open Source and information security mailing list archives
 
Date: Thu, 30 Apr 2009 22:50:26 -0400
From: "WebAppSec" <webappsec@...hnicalinfo.net>
To: <bugtraq@...urityfocus.com>
Subject: New WebApp security paper: Anti-fraud Image Solutions

WebAppSec gurus,

I recently had some time on my hands to write up a whitepaper covering a
topic that I've been repeatedly queried about over the years - how can you
tell which person "stole" a copy of your Web application content and used it
to build a phishing or fraud site?

It's not a particularly easy question to answer, but there are a number of
things that can be done to help this identification task. One useful
component of that identification process is the embedding of unique tagging
information within the content of the application. This process, referred to
as Distribution Tracing, can be applied to the images used to construct the
Web site.

The paper "Anti-fraud Image Solutions" is now available on my Web site -
http://www.technicalinfo.net/papers/AntiFraudImageSolutions.html

...and there's a blog on the topic over at -
http://technicalinfodotnet.blogspot.com/2009/04/who-cloned-web-site-heres-how-to-tell.html

Hope the paper proves insightful for some of you having to advise your
customers directly. I'll offer a beer at BlackHat Las Vegas this year to the
first person to name 3 large international banks that already use this
tracing process, and the algorithm they went with :-)

Cheers,

Gunter Ollmann
