Re: FW: Phishing Bibliography from Chris Drake on 2006-10-11 (public-usable-authentication@w3.org from October 2006)

From: Chris Drake <christopher@pobox.com>
Date: Thu, 12 Oct 2006 00:27:17 +1000
To: "Sebastian Gajek" <sebastian.gajek@nds.rub.de>
CC: public-usable-authentication@w3.org
Message-ID: <1661362527.20061012002717@pobox.com>

Hi Sebastian,

This isn't a paper, but it is one-of-a-kind - a list of threats
including the class of "phishing" - without adverts, solutions,
exclusions, or secret agendas.

http://chrisdrake.com/Comprehensive_list_of_Threats_to_Authentication_Procedures_and_Data.html

In other words - the papers you list all concentrate on individual
parts of one aspect of security problems - this list explains the big
picture.  For example: before the word "phishing" was invented, this
threat was broadly called "social engineering", a recent trade-show
demonstration (for example) found 70% of users would reveal their
password (in person) for a bar of chocolate.  I would wager a bet that
few, if any, of your papers chose to include *all* kinds of phishing
attacks - including "offline" - so I believe something is needed to
remind the lay-person that any particular solution presented in a
paper probably is only going to solve a small part of the problem.

Kind Regards,
Chris Drake

Wednesday, October 11, 2006, 10:20:40 PM, you wrote:

SG> FYI 

>> -----Ursprüngliche Nachricht-----
>> Von: Sebastian Gajek [mailto:sebastian.gajek@nds.rub.de] 
>> Gesendet: Mittwoch, 11. Oktober 2006 14:12
>> An: 'Anti-fraud-request@lists.cacert.org'
>> Betreff: Phishing Bibliography
>> 
>> Hey all,
>> 
>> I build up a phishing bibliography listing acadamic papers 
>> presented at international conferences, workshops  or 
>> journals. There has been a lot of work in this area recently, 
>> some of the papers I was even not aware.
>> 
>> Please take a look at 
>> http://www.nds.rub.de/research/top/ipi/phishbib/index.html
>> If you miss any important publication, find a mistake or do 
>> not want to be listed, do not hesitate to contact me. 
>> 
>> Thanks for your help.
>> 
>> br
>> 
>> Dipl.-Ing. Sebastian Gajek
>> Horst Görtz Institute for IT-Security
>> Ruhr University of Bochum
>> 		
>> Universitätsstr. 150
>> 44780 Bochum, Germany
>> Phone: +49 (0)234/32-26740
>> Fax: +49 (0)234/32-14347
>> Web: http://www.nds.rub.de
>>

Received on Wednesday, 11 October 2006 14:27:39 UTC