TheFeature.com explains a new security protocol that seeks to expose the evil twins and dodgy middlemen lurking in the shadows of wireless access points.
Phishers use technical spoofing and social engineering to trick potential victims into thinking that they’re interacting with a legitimate Web site. For example, following a link may take you to a page that looks just like PayPal, but in reality is a phisher’s net.
“Phishing exists in both wireless and wired settings,” says cryptographer Markus Jakobsson, a professor at the Indiana University School of Informatics. “But it’s a bit more difficult to protect against when you’re using a public wireless access point and you can’t be entirely sure of its identity.”According to his bio, Jakobsson “teaches cryptography, security, protocol design, and likes to cheat.” The combination of his professional practice and, well, appreciation for a good con helps him stay one step ahead of the phishers.
Researchers have established a Web page that explains their patent-pending Delayed Password Disclosure protocol. Within a few months, they hope to release a beta version of the protocol for PCs.
The next step, Jakobsson says, is to tweak the code so that it will run on smartphones.
.gif)
