Back home   |   Bookmark   |   Start page   |   Site map    
Services
Free postcards
Online games
User's forum
Free wallpapers
News
US
World
Art & culture
Companies
NGO's
Sports
Channels
Home & Family
Family
Health
Home
Kitchen
Self help
Women
Leisure
Entertainment
Holidays
Travel
Technology
Computers
Freeware
Personal tech
Webmastering
Business
Business
Money & Finance
Real estate
Science
Astronomy
Biology
Chemistry
Ecology & Geology
Engineering
Medicine
Math & Physics
Paleo & Archeology
Site Search
Website directory
Submit your site
Free email
Username:
Password:

Help
Lost password?

New active cookie helps protect Internet users from cyber crooks

TheallIneed/NC&T/IU
Cybersecurity expert Markus Jakobsson and the start-up RavenWhite Inc., of which Jakobsson is a co-founder, have developed an "active cookie," a countermeasure designed to protect against online scams such as pharming and man-in-the-middle attacks.

Pharming is obtaining personal or private (usually financial) information through domain spoofing. Rather than spamming with malicious and mischievous e-mail requests for users to visit fake Web sites which appear legitimate, pharming "poisons" a domain name server by planting false information in the server, resulting in a user's request being redirected elsewhere. The browser, however, tells users they are at the correct Web site.

"There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson, associate professor of informatics and associate director of the IU Center for Applied Cybersecurity Research. "We believe that active cookies can provide such protection."

RavenWhite provides a new use of cookies, which are coded pieces of information stored on a person's computer that identify that computer during the current and subsequent visits to a Web site. Active cookies can be used in some situations where traditional cookies are not practical. Jakobsson's invention helps protect against known types of pharming attacks and man-in-the-middle attacks, but also against new and threatening versions such as two new attacks discovered by Mark Meiss and Alex Tsow, both computer science doctoral students at IU.

Meiss discovered a technique that allows an attacker to hijack almost any Wi-Fi (wireless fidelity) connection with the purpose of redirecting users to incorrect sites. He recently verified that the technique works in a local hotspot, a location where Wi-Fi users pick up an active signal.

"There is no way a user can determine that this attack takes place," explained Meiss, a researcher at IU's Advanced Network Management Lab. "You can't be sure you are actually visiting your banking site, for example, even though it looks like you are. There is simply no way of telling."

Tsow discovered that consumer routers can be trivially modified to stealthily redirect users to fake sites. He showed a browser window where he typed eBay into the address bar, but where the loaded content showed the Web page of the Anti-Phishing Working Group.

"In a real attack, the user would be taken to a site that is a true clone of the place they intended to go, but the cloned site would be operated by the attacker and would steal the user's password," said Tsow, a visiting research associate who works with Jakobsson.

Jakobsson believes these kinds of attacks pose threats that few have considered. "How can I dare to connect in a hotspot when the guy next to me may be hijacking my connection and taking me to the wrong site to steal my password?" Jakobsson asked. "And how can anybody buy hardware from sellers they don't trust? These attacks are not detectable by the ordinary Internet user."

Jakobsson cautions that consumers should not buy a router from online services if they fear the seller might really be a phisher in disguise. Apart from being a problem for online auction sites such as eBay, it is also a problem for financial service providers, whose customers are the potential victims of attacks of this type.

"Those are the organizations that would benefit most from using active cookies," Jakobsson added.

About the Author
©2006 All rights reserved

More articles
Double crystal fusion tabletop accelerator
Reversible microlenses chemical detection
Safer metal alloys
Light-emitting semiconductors
New battery for hybrid cars
Sound unroof jet engines
Deafness cochlear implants
Cybercrime investigation fingerprint
Quantum computer interrogation
Active cookie cyber crooks
 Liquid nanodrops
Population inversion
Quantum breakup bits
Robotic smooth operators
Cell phones airplane
Forensic technology cyber thieves
noble metal nitrides
Nanoparticles Biocompatible capsules
nano skins polymeres
bacteria-powered fuel cells
Quotes
Heres tae the fool on the hill and his pals that are down in the valley.- Wolfstone, Glass and the Can

He thought the formula for water was H-I-J-K-L-M-N-O (H-to-O).

He uses statistics as a drunken man uses lampposts — for support rather than illumination. — Andrew Lang.


Writers
If you are a writer and want to see your article published at Theallineed.com, just click here to submit.

Info
Contact us
Privacy policy
Terms of use
Lexur
Today...
In the news...
Secretary-General welcomes 'historic' election of Lebanese President
United Nations Secretary-General today congratulated the Lebanese people on the election of President Michel Suleimane, ending the deadlock that has endured in the Middle Eastern nation since last November.
What would you change about Internet shopping?
Have more sales just like the stores
Offer more incentives like free shipping
Have operators available 24 hours
Wouldn't change anything
Other
  
Things to ponder
If work is so terrific, how come they have to pay you to do it?

Did you know...
One quarter of the bones in your body are in your feet.

Quote of the day
Puritanism: The haunting fear that someone, somewhere, may be happy.
HL Mencken

Featured article
Getting the right vacuum cleaner for your home
Buying a vacuum cleaner might seem easy, but there are important issues to consider. These include price, features, and what type and size of house a person has.

 
© 2002 - 2007 Lexur