Circumventing security toolbars and phishing filters via rogue wireless access points

Wireless Communications and Mobile Computing

Volumn 10, Issue 8, 2010, Pages 1128-1139

  Abu Nimeh, Saeed ^a   Nair, Suku ^a  

^a Southern Methodist University   (United States)

Author keywords

DNS poisoning; Evil twin; Pharming; Phishing; Security toolbars

Indexed keywords

DNS POISONING; EVIL TWIN; PHARMING; PHISHING; TOOLBARS;

INTERNET PROTOCOLS; RADIO COMMUNICATION; WEB BROWSERS;

SECURITY OF DATA;

EID: 77958035829     PISSN: 15308669     EISSN: 15308677     Source Type: Journal    
DOI: 10.1002/wcm.829     Document Type: Article

References (25)

1. JiWire. Worldwide Wi-Fi hotspots hits the 100,000 mark. [Online] January 2006. URL http://www.jiwire.com/press-100khotspots. htm [Accessed: 15 March 2008].
2. Dell'Oro Group. Wireless LAN market to double. [Online] August 2005. URL http://www.delloro.com/news/2005/ WL080305.htm [Accessed: 15 March 2008].
3. Ravi S, Raghunathan A, Kocher P, Hattangady S. Security in embedded systems: design challenges. Transactions on Embedded Computing Systems 2004; 3(3): 461-491. Doi:http://doi.acm.org/10.1145/1015047.1015049
4. James L. Phishing Exposed. Syngress: Massachusetts, USA, 2005.
5. Anti-Phishing Working Group. APWG. [Online]. URL http://www.antiphishing. org [Accessed: 15 March 2008].
6. Canavan JE. The Fundamentals of Network Security. Artech House Publishers: Massachusetts, USA, 2001.
7. Abu-Nimeh S, Dunham K. Mobile Malware Attacks and Defense, Chap. 6. Syngress: Massachusetts, USA, 2008.
8. Tsow A, Jakobsson M, Yang L, Wetzel S. Warkitting: the drive-by subversion of wireless home routers. The Journal of Digital Forensic Practice 2006; 1(3): 179-192. URL http://www.indiana.edu/~phishing/papers/warkit.pdf
9. Stamm S, Ramzan Z, Jakobsson M. Drive-by pharming. Technical Report, Symantec Inc. 2006. URL www.symantec. com/avcenter/reference/DrivebyPharming.pdf
10. Abu-Nimeh S, Nair S. Bypassing security toolbars and phishing filters via dns poisoning. IEEE Global Communications Conference, 2008.
11. Wu M, Miller RC, Garfinkel SL. Do security toolbars actually prevent phishing attacks? CHI'06: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM: New York, NY, USA, 2006; 601-610. Doi:http://doi.acm.org/10.1145/1124772.1124863
12. Zhang Y, Egelman S, Cranor LF, Hong J. Phinding phish: evaluating anti-phishing tools. In Proceedings of the 14th Annual Network & Distributed System Security Symposium (NDSS 2007), 2007.
13. Egelman S, Cranor LF, Hong J. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. CHI'08: Proceeding of the Twenty-sixth Annual SIGCHI Conference on Human Factors in Computing Systems. ACM: New York, NY, USA, 2008; 1065-1074. Doi:http://doi.acm.org/10.1145/1357054. 1357219
14. Kindberg T, O'Neill E, Bevan C, Kostakos V, Fraser DS, Jay T. Measuring trust in wi-fi hotspots. CHI'08: Proceeding of the Twenty-sixth Annual SIGCHI Conference on Human Factors in Computing Systems. ACM: New York, NY, USA, 2008; 173-182. Doi:http://doi.acm.org/10.1145/1357054.1357084
15. Earthlink Inc. Earthlink toolbar. [Online]. URL http://www. earthlink.net/earthlinktoolbar/ [Accessed: 15 March 2008].
16. Netcraft Ltd. Netcraft ant-phishing toolbar. [Online]. URL http://toolbar.netcraft.com/ [Accessed: 15 March 2008].
17. Chou N, Ledesma R, Teraguchi Y, Boneh D, Mitchell JC. Client-side defense against web-based identity theft. 11th Annual Network and Distributed System Security Symposium (NDSS'04), 2004. URL http://crypto.stanford.edu/Spoof- Guard/webspoof.pdf
18. Google Inc. Google toolbar. [Online]. URL http://toolbar. google.com/ [Accessed: 15 March 2008].
19. Microsoft Corp. Windows internet explorer. [Online]. URL http://www.microsoft.com/windows/products/winfamily/ie/default.mspx [Accessed: 15 March 2008].
20. Mozilla. Firfox web browser. [Online]. URL http://www. getfirefox.com [Accessed: 15 March 2008].
21. Opera. Opera browser. [Online]. URL http://www.opera.com [Accessed: 15 March 2008].
22. CoreStreet Ltd. Spoofstick toolbar. [Online]. URL http://www. spoofstick.com [Accessed: 15 March 2008].
23. Wireshark.Wireshark network protocol analyzer. [Online].URL http://www.wireshark.com [Accessed: 15 March 2008].
24. Franco R. Principles behind IE7's phishing filter. [Online] August 2005. URL http://blogs.msdn.com/ie/archive/2005/08/ 31/458663.aspx [Accessed: 15 March 2008].
25. Eclectica. OpenDNS and anti-phishing. [Online] September 2007. URL http://addiator.blogspot.com/2007/09/opendns-andanti- phishing.html [Accessed: 15 March 2008].