Stanford security experts unveil ''SPOOFGUARD''

[ZOverLord]

It?s an online con that is growing fast and stealing tens of millions of dollars.

An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such ?phishing? attacks exploit a universal weakness in online security: passwords.

To read the rest of the story and download this new utility please go here:

http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=15

 

[MrNutz]

interesting... unfortunately, i know too many ppl that have been tricked by scam emails.

When a potential phishing victim unwittingly enters his eBay password at a phony site posing as eBay, PwdHash generates a new password for the phisherís site, so the phisher ends up gathering something totally different than what is actually needed to log in at eBay.

SpoofGuard will warn users who are visiting pages already known to the anti-phishing community.

Finally, it will ?watch? as users type in passwords. If the password is being entered at a site different than the one it associates that password with, SpoofGuard will warn the user.

 

[ZOverLord]

Originally posted by: MrNutz
interesting... unfortunately, i know too many ppl that have been tricked by scam emails.

When a potential phishing victim unwittingly enters his eBay password at a phony site posing as eBay, PwdHash generates a new password for the phisherís site, so the phisher ends up gathering something totally different than what is actually needed to log in at eBay.

SpoofGuard will warn users who are visiting pages already known to the anti-phishing community.

Finally, it will ?watch? as users type in passwords. If the password is being entered at a site different than the one it associates that password with, SpoofGuard will warn the user.

This is for real, actually, it is one of if not the best method used for protection so far, it uses a HASH of both the PASSWORD and the IP address, it does this so that IF you ever get spoofed, it will catch it because the HASH would not be the same, since it is a Bogus IP adress when being spoofed.

Go to the Standford web site, check the IP address it is real, better yet do a search on it as well.

Hope This Helps

 

[EagleKeeper]

People that are alert enough to use this also know better to allow phishing in the first place

This utility should be built into the OSes for everyone. That way it will protect thaose that need protection.