the difference between a killer deal and a deal killer
play

THE DIFFERENCE BETWEEN A KILLER DEAL AND A DEAL KILLER MARKUS - PowerPoint PPT Presentation

Feb 25, 2024 •245 likes •567 views

THE DIFFERENCE BETWEEN A KILLER DEAL AND A DEAL KILLER MARKUS JAKOBSSON PAYPAL THAT DIFFERENCE IS OFTEN SMALL 2 Confidential and Proprietary PART 1/3: DEALING WITH WEB SPOOFING JOINT WORK WITH HOSSEIN SIADATI 3 Confidential and

  1. THE DIFFERENCE BETWEEN A KILLER DEAL AND A DEAL KILLER MARKUS JAKOBSSON PAYPAL

  2. THAT DIFFERENCE IS OFTEN SMALL 2 Confidential and Proprietary

  3. PART 1/3: DEALING WITH WEB SPOOFING JOINT WORK WITH HOSSEIN SIADATI 3 Confidential and Proprietary

  4. Theory ¡of ¡When ¡Spoofing ¡Works ¡ ¡ An ¡a3acker ¡is ¡successful ¡if ¡ ¡ ¡ 1. The ¡vic;m ¡is ¡tricked, ¡and ¡as ¡a ¡result ¡ 2. The ¡vic;m ¡acts, ¡benefiBng ¡the ¡a3acker ¡

  5. Theory ¡of ¡When ¡Spoofing ¡Works ¡ Tradi;onal ¡countermeasures ¡address ¡this ¡part ¡ ¡ ¡(locks, ¡colors, ¡warnings ¡– ¡a ¡user ¡communica;on ¡problem) ¡ ¡ An ¡a3acker ¡is ¡successful ¡if ¡ ¡ ¡ 1. The ¡vic;m ¡is ¡tricked, ¡and ¡as ¡a ¡result ¡ 2. The ¡vic;m ¡acts, ¡benefiBng ¡the ¡a3acker ¡

  6. Theory ¡of ¡When ¡Spoofing ¡Works ¡ ¡ An ¡a3acker ¡is ¡successful ¡if ¡ ¡ ¡ 1. The ¡vic;m ¡is ¡tricked, ¡and ¡as ¡a ¡result ¡ 2. The ¡vic;m ¡acts, ¡benefiBng ¡the ¡a3acker ¡ Can ¡we ¡address ¡this ¡instead? ¡

  7. Imagine ¡a ¡World ¡Where… ¡ GOOD ¡SITE ¡ NAÏVE ¡USER ¡ SUCCESS ¡ + ¡ = ¡ ¡ ¡NAÏVE ¡USER ¡ SPOOF ¡SITE ¡ ABORT ¡ (SAME ¡ACTION) ¡ + ¡ = ¡

  8. ¡ Here ¡is ¡How ¡to ¡Do ¡It! ¡ LOG ¡IN ¡NOW ¡ Y ¡ On ¡ Enter ¡Password: ¡ white-­‑ list? ¡ N ¡ ABORT ¡

  9. Feedback ¡– ¡but ¡no ¡instruc;ons ¡

  10. Performance ¡ 75% ¡ 15% ¡ 10% ¡

  11. PART 2/3: DISCOURAGING LYING 11 Confidential and Proprietary

  12. HOW LIES “SOLIDIFY”… 12 Confidential and Proprietary

  13. … AND HOW TO AVOID IT! …… 13 Confidential and Proprietary

  14. EXPERIMENT DESIGN MOTIVE CRIME VARI ABLE REACTION 14 Confidential and Proprietary

  15. EXPERIMENT DESIGN Affiliate sends you a broken item. MOTIVE CRIME VARI ABLE REACTION 15 Confidential and Proprietary

  16. EXPERIMENT DESIGN Affiliate sends you a broken item. MOTIVE You decide to order “and never CRIME receive”. VARI ABLE REACTION 16 Confidential and Proprietary

  17. EXPERIMENT DESIGN Affiliate sends you a broken item. MOTIVE You decide to order “and never CRIME receive”. You select item, see You select photo/name VARI ABLE item. of delivery. REACTION 17 Confidential and Proprietary

  18. AN EXPERIMENT - REACTION 18 Confidential and Proprietary

  19. AN EXPERIMENT – RESULTS Test: 304 Control: 318 TEST TREATMENT REDUCES LIES BY ~60% 19 Confidential and Proprietary

  20. HOW TO AVOID LIES • Confront the user before he has committed to his lie • Provide him with an “easy out” at the tipping point 20 Confidential and Proprietary

  21. EXPERIMENT NUMBER 2 Affiliate sends you a broken item. MOTIVE You decide to order “and never CRIME receive”. You select item, told You select “was your VARI ABLE item. computer”. REACTION 21 Confidential and Proprietary

  22. EXPERIMENT NUMBER 2 Affiliate sends you a broken item. MOTIVE You decide to order “and never CRIME receive”. You select item, told You select “was your VARI ABLE item. computer”. TEST TREATMENT REDUCES LIES BY ~30% REACTION 22 Confidential and Proprietary

  23. HOW TO AVOID LIES • Order matters: evidence first, decision second • Always build an emergency exit • Concrete evidence is more helpful • Some confrontation hurts the honest – other does not 23 Confidential and Proprietary

  24. PART 3/3: DERIVED PINS JOINT WORK WITH DEBIN LIU 24 Confidential and Proprietary

  25. SOME BAD PINS 1234 2580 Your spouse’s birthday PINs you forget Confidential and Proprietary

  26. CORPORATE FOUR-LETTER WORD “ Friction ” Confidential and Proprietary

  27. WHAT WILL USERS SEE Confidential and Proprietary

  28. EXAMPLE USER MAPPING “Blu2thRules” “2582” Confidential and Proprietary

  29. OPPORTUNISTIC DERIVATION Access; Truncate; Map; Store Confidential and Proprietary

  30. PASSWORD CHANGE? Dual Universes Confidential and Proprietary

  31. IMAGINE PIN THEFT 20 18 16 14 12 10 8 6 4 2 0 Password Entropy Entropy of Derived Conditional Password PINs Entropy Confidential and Proprietary

  32. MORE DETAILS www.spoofkiller.com www.derivedPIN.com … or email me at majakobsson@paypal.com … 32 Confidential and Proprietary

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Panel Discussion Insights: The Killer of Creative? Or the Driver of Killer Creative? ARF

Panel Discussion Insights: The Killer of Creative? Or the Driver of Killer Creative? ARF

Panel Discussion Insights: The Killer of Creative? Or the Driver of Killer Creative? ARF Creative Council Moderator: Andrew Smith Jay Mattlin Consultant #CxS2018 ARF Creative Council Working Group on Driving the Power of Creative Through

327 views • 14 slides
Not Killer Applications but perhaps Killer Solutions. Model Model Results Results

Not Killer Applications but perhaps Killer Solutions. Model Model Results Results

Problem Problem Not Killer Applications but perhaps Killer Solutions. Model Model Results Results Conclusions Conclusions Success Factors for Mobile Computing Applications and Business Models: An Empirical Study. Hans Juergen Ott The

258 views • 4 slides
CSI Dublin: The Hunt for the Irish Potato Killer Isolating a Potato Killer: Using Aseptic

CSI Dublin: The Hunt for the Irish Potato Killer Isolating a Potato Killer: Using Aseptic

CSI Dublin: The Hunt for the Irish Potato Killer Isolating a Potato Killer: Using Aseptic Laboratory Technique to Isolate and Transfer a Pathogen from a Infected Sample to a Healthy Sample What is Disease? Brainstorm the idea of disease:

271 views • 12 slides
Roosevelt's New Deal Mr. Venezia Roosevelt's New Deal 1 Election of 1932 Roosevelt's New Deal

Roosevelt's New Deal Mr. Venezia Roosevelt's New Deal 1 Election of 1932 Roosevelt's New Deal

Roosevelt's New Deal Mr. Venezia Roosevelt's New Deal 1 Election of 1932 Roosevelt's New Deal 2 Successes and Failures of Roosevelts New Deal Programs When President Roosevelt took office in 1933, he feverishly created program

461 views • 43 slides
Killer Portfolio or Portfolio Killer Greg Foertsch Firaxis Games Jeremy Bennett Valve

Killer Portfolio or Portfolio Killer Greg Foertsch Firaxis Games Jeremy Bennett Valve

Killer Portfolio or Portfolio Killer Greg Foertsch Firaxis Games Jeremy Bennett Valve Teagan Morrison- Naughty Dog Shawn Robertson Irrational Games Wyeth Johnson Epic Games David DJ Johnson Infinity Ward Alison Kelly

198 views • 5 slides
6. "Happy Days Are Here Again": FDR and the New Deal 6.1 FDR and the New Deal 6.2 A

6. "Happy Days Are Here Again": FDR and the New Deal 6.1 FDR and the New Deal 6.2 A

6. "Happy Days Are Here Again": FDR and the New Deal 6.1 FDR and the New Deal 6.2 A New Deal 6.3 The First New Deal 6.4 The Second New Deal 6.5 Controversies and Critics 6.6 The New Deal's Legacy 6.1 FDR and the New Deal

486 views • 35 slides
The Green Deal Tracy Vegro Director, Green Deal Contents 1. Introducing the Green Deal 2. ECO

The Green Deal Tracy Vegro Director, Green Deal Contents 1. Introducing the Green Deal 2. ECO

The Green Deal Tracy Vegro Director, Green Deal Contents 1. Introducing the Green Deal 2. ECO and the Green Deal 3. Stimulating Demand 4. Consultation & next steps 2 1. Introducing the Green Deal 3 VISION An innovative policy

595 views • 20 slides
Solving the high-dimensional Vlasov equation with deal.II and hyper.deal Eighth deal.II Users and

Solving the high-dimensional Vlasov equation with deal.II and hyper.deal Eighth deal.II Users and

Solving the high-dimensional Vlasov equation with deal.II and hyper.deal Eighth deal.II Users and Developers Workshop Peter Munch 12 , Katharina Kormann 3 , Martin Kronbichler 1 1 Institute for Computational Mechanics, Technical University of

403 views • 27 slides
Killer Presentation Skills: How to Acquire the Skills and Killer Presentation Skills: How to

Killer Presentation Skills: How to Acquire the Skills and Killer Presentation Skills: How to

TRELMGCDH1GH \\ Kindle < Killer Presentation Skills: How to Acquire the Skills and Say Goodbye to... Killer Presentation Skills: How to Acquire the Skills and Killer Presentation Skills: How to Acquire the Skills and Say Goodbye to Fear,

302 views • 4 slides
Enhancing Server Efficiency in the Face of Killer Microseconds Amirhossein Mirhosseini, Akshitha

Enhancing Server Efficiency in the Face of Killer Microseconds Amirhossein Mirhosseini, Akshitha

Enhancing Server Efficiency in the Face of Killer Microseconds Amirhossein Mirhosseini, Akshitha Sriraman, Thomas F. Wenisch University of Michigan HPCA 2019 02 /18/2019 Killer Microseconds [Barroso17] Frequent microsecond-scale

625 views • 23 slides
Visual Rhetorical Analysis Killer Fries By: Shelby Blaker & Charles Eichelberger

Visual Rhetorical Analysis Killer Fries By: Shelby Blaker & Charles Eichelberger

Visual Rhetorical Analysis Killer Fries By: Shelby Blaker & Charles Eichelberger McDonald's Brand Originated in America Classic brand recognition Largest Fast-Food chain in the world Worldwide recognition Killer

174 views • 15 slides
Killer Whales, Salmon, Taxes & LSR Dams Art by Ariel Omega Young May 4 2016 Southern

Killer Whales, Salmon, Taxes & LSR Dams Art by Ariel Omega Young May 4 2016 Southern

Killer Whales, Salmon, Taxes & LSR Dams Art by Ariel Omega Young May 4 2016 Southern Resident Killer Whales (SRKW) At Risk of Extinction Decrease in salmon Increase in mortality J, K & L pods need ~1500 salmon a day Haro

613 views • 47 slides
Deal Activity - - 2006 2006 7,000 $80,000 Deal Activity $70,000 6,000 $60,000 5,000

Deal Activity - - 2006 2006 7,000 $80,000 Deal Activity $70,000 6,000 $60,000 5,000

2007 Multifamily Market: Review and Assessment Aubrey L. Layne, Jr. President Great Atlantic Management GREAT ATLANTIC Deal Activity and Headlines Economic and Operating Environment Outlook HR Apartment Deal Volume and Price

540 views • 4 slides
WHY WEATHER #1 Pilot Killer Least training

WHY WEATHER #1 Pilot Killer Least training

WHY WEATHER #1 Pilot Killer Least training highest impact We fly weather suscepBble aircraE Tools are quickly changing and

449 views • 14 slides
What does a deal look like? How do I get paid? What will I need? How long

What does a deal look like? How do I get paid? What will I need? How long

What does a deal look like? How do I get paid? What will I need? How long will it take? There are actually only 3 main deal types in the house business. 1. Rehabs Buy it cheap, renovate it and sell at retail price and

883 views • 72 slides
Why is it some people net a million or more every year and others struggle from deal to deal

Why is it some people net a million or more every year and others struggle from deal to deal

Why is it some people net a million or more every year and others struggle from deal to deal and never get going? Are they smarter? Do they have more experience? Do they have more money? Are they lucky? The Answer

514 views • 39 slides
Rural Mentoring: Leveraging Community Assets and Creating a Culture of Mentoring March 21, 2019

Rural Mentoring: Leveraging Community Assets and Creating a Culture of Mentoring March 21, 2019

Collaborative Mentoring Webinar Series Rural Mentoring: Leveraging Community Assets and Creating a Culture of Mentoring March 21, 2019 2019 Collaborative Mentoring Webinar Series Planning T eam The Collaborative Mentoring Webinar Series is

654 views • 41 slides
Affiliate NetIDs - Where Are We Now? Pat Schlehuber - AITS Who are the Urbana affiliates?

Affiliate NetIDs - Where Are We Now? Pat Schlehuber - AITS Who are the Urbana affiliates?

Affiliate NetIDs - Where Are We Now? Pat Schlehuber - AITS Who are the Urbana affiliates? Non-students/staff/and faculty Members of established programs Allied agencies Special Visiting scholars Vendors

961 views • 20 slides
& Network for Good: A Partnership for [[[ Fundraising Success www.networkforgood.org/npo

& Network for Good: A Partnership for [[[ Fundraising Success www.networkforgood.org/npo

National Wildlife Federation Affiliates & Network for Good: A Partnership for [[[ Fundraising Success www.networkforgood.org/npo Who we are Network for Good is a nonprofit that was started in 2001 by the technology giants AOL, Cisco

196 views • 16 slides
Next Generation ACO Model Open Door Forum: Beneficiary Engagement April 7, 2015 Agenda

Next Generation ACO Model Open Door Forum: Beneficiary Engagement April 7, 2015 Agenda

Next Generation ACO Model Open Door Forum: Beneficiary Engagement April 7, 2015 Agenda Preliminary Beneficiary Engagement Timeline Beneficiary Engagement Topics Next Generation ACO Entities Providers/Suppliers Preferred

584 views • 34 slides
Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*,

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*,

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting Neha Chachra*, Damon McCoy, Stefan Savage, Geoffrey M. Voelker 2 3 4 5 6 Spam was 70% of total email traffic in 2013 7 buydrugs.com canadianpharmacy.com

686 views • 49 slides
Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019

Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019

Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019 aer.gov.au 1 Introduction Ring-fencing guideline p rogress so far guideline observations. Purpose of this consultation: review of

562 views • 31 slides
Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca

Tracking Ransomware End-to-end Danny Y. Huang Maxwell Matthaios Aliapoulios, Vector Guo Li Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin Kirill Levchenko, Alex C. Snoeren, Damon McCoy Ransomware causes financial damages

798 views • 54 slides
Clinical Trials Network Awards and Texas Clinical Trials Participation Program Awards RFA -

Clinical Trials Network Awards and Texas Clinical Trials Participation Program Awards RFA -

Clinical Trials Network Awards and Texas Clinical Trials Participation Program Awards RFA - Webinar October 19, 2020 AGENDA 12:00 12:05 Welcome James Willson, M.D., CPRIT Chief Scientific Officer Patty Moore, Ph.D., Senior Program

450 views • 12 slides

More recommend