IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain - - PowerPoint PPT Presentation

▶

Sep 09, 2023 387 likes •453 views

IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft out. Missed deadline by a little; should show up in repository soon. draft-ietf-inch-phishingextns-02 One Technical change Many

SLIDE 1

IODEF Extensions for Phishing and Other E-Crimeware

Patrick Cain

SLIDE 2

Latest Status

New draft out.

– Missed deadline by a little; should show up in repository soon. – draft-ietf-inch-phishingextns-02

One Technical change
Many editorial modifications

SLIDE 3

Technical Change

A text string field was added to the

‘phish:Source’ data item.

– Capture DNS/whois data at the time of the initial investigation.

When investigating an incident, current

DNS/whois data is used. That data changes as the incident progresses. One may find the (fraudulent) DNS data changes from time to time.

SLIDE 4

The future

Add a few more examples to the appendix

– Fix any bugs detected

Generating a few more tools to

encode/process data

– We have generated and sent phish reports to the APWG repository via XML. ☺

Await comments

SLIDE 5

IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain - - PowerPoint PPT Presentation

IODEF Extensions for Phishing and Other E-Crimeware

Patrick Cain

Latest Status

– Missed deadline by a little; should show up in repository soon. – draft-ietf-inch-phishingextns-02

Technical Change

‘phish:Source’ data item.

– Capture DNS/whois data at the time of the initial investigation.

DNS/whois data is used. That data changes as the incident progresses. One may find the (fraudulent) DNS data changes from time to time.

The future

– Fix any bugs detected

encode/process data

– We have generated and sent phish reports to the APWG repository via XML. ☺

End

Patrick Cain pcain@coopercain.com