Newswise — Industry and academic cybersecurity experts will convene Thursday and Friday (April 14-15) in Piscataway, N.J., to discuss new and as-yet-unresolved threats to safe and secure e-commerce. Their meeting is the first scientific conference devoted specifically to phishing and related e-commerce issues. It will be hosted by the Center for Discrete Mathematics and Theoretical Computer Science (DIMACS) at Rutgers University. J.P. Morgan Chase Senior Vice President for Consumer Risk Management Richard A. Parry is an invited speaker.

"Messin' with Texas" reveals President Bush's not-so-personal information

Mothers' maiden names may seem like a safe way to authenticate the identity of an Internet user, but Indiana University School of Informatics research assistant Virgil Griffith and IU Bloomington computer scientist Markus Jakobsson will show how easy it is to mine online public records for this information using President George W. Bush and 3,773,882 other Texans as faux-victims. The researchers were able to retrieve the names despite the removal of online birth and death records in 2000 and 2002, respectively, as ordered by the Texas legislature. Because mothers' maiden names are so easily retrieved, the researchers urge American businesses to use other means of authentication. Jakobsson is an associate director of the IU Center for Applied Cybersecurity Research.

"Messin' with Texas: Deriving mothers' maiden names using public records"
Thursday, April 14, 3:45 p.m.
CoRE Building, DIMACS Center

Distributed phishing attacks could evade authority

The easiest way for Internet service providers (ISPs) to end a phishing attack is to pull the plug on the phisher's fake Web site. This protects future victims from revealing their personal information. But what if phishers use their computer savvy to make endless copies of their false Web sites, each one hosted in a different place? Many of these sites may be unwittingly hosted by companies and individuals whose firewalls have been compromised by the attacker. Indiana University Bloomington computer scientist Markus Jakobsson and LEGC LLC Senior Managing Consultant Adam Young will discuss how phishers might go about hijacking users' accounts to stay one step ahead of ISPs. They'll also explain how ISPs might protect themselves -- and their clients. Although this type of phishing attack has not yet been seen, Jakobsson and Young believe it is inevitable unless something is done preemptively to stop it. Jakobsson is an associate director of the IU Center for Applied Cybersecurity Research.

"Distributed phishing attacks"
Friday, April 15, 11:45 a.m.
CoRE Building, DIMACS Center

A better way to can spam: block it, don't screen it

Experts estimate 60 to 80 percent of today's e-mails are unsolicited junk, and that's because e-mail "spammers" are playing the averages. For a mere $100, spammers can buy a list of 30 million e-mail addresses. If a mere 0.001 percent of those who receive a spam message respond favorably to a $10 scam, that still earns the spammer a $2,900 net profit. If the spammer is an e-mail phisher, a similarly low success rate still yields personal information from 300 victims. Indiana University Bloomington computer scientist Minaxi Gupta says a better way of preventing spam e-mails from ever reaching their intended recipients is to perform active "spam management" by creating criteria that block or delay spam, turning the local incoming mail server into a sort of nightclub bouncer. Today's spam filtering software does not stop spam at the door. Instead it screens and deletes unwanted messages only after they've been copied to the local server. Gupta says this method of spam prevention is costly -- in terms of both hard drive space and Internet bandwidth use.

"Blocking phishing spam: Pitfalls and future directions"
Thursday, April 14, 2:30 p.m.
CoRE Building, DIMACS Center

CITATIONS

Theft in E-Commerce: Content, Identity, and Service