© 2004 VeriSign, Inc.

Secure LetterheadPhillip Hallam-Baker

Principal Scientist

VeriSign Inc.

2

We are not in Kansas any more

3

Their Goal

4

Our Goal

5

We do not have to find a silver bullet

6

20% reduction

7

Makeyour problemtheir problem

8

Phishing:The use of social engineering to

steal access credentials

9

Approach 1Respond to Attacks

10

Approach 2Deploy Strong

Credentials

11

Approach 2Disrupt the Social

Engineering Attack

12

User Education

13

The Real End-to-End Security Story

14

We must take multiple approaches

15

Which is Best?

16

All of them.

17

Strong Inbound Authentication+

Fraud Detection+

Capture Site Take Down+

Strong Outbound Authentication

18

Secure Letterhead:How to know a

message is authentic

20

before the next horse…

22

How does a user identify a site today?

23

What was the DNS designed to do?

24

A location service should be permissive

+ Where do I find The dotFuture Manifesto on the Web?+ www.thedotfuturemanifesto.com+ www.the-dotfuture-manifesto.com+ www.thedotfuturemanifesto.org+ dotfuturemanifesto.blogspot.com

25

An authentication service should be

restrictive

26

Solution:Separate the

authentication channel

27

How do we deploy?

28

Solution:Leverage the SSL Certificate Market

29

First Generation SSL Certs:

Accountability

30

Secure Letterhead

31

32

Who Guards the Guardians?

33

Accountability

34

The Trust Brand on the Line

35

What is missing?

36

Browser Support

37

LOGOTYPE Certificate Issuers

© 2004 VeriSign, Inc.

Thank Youwww.verisign.com/antiphishing

dotcrimemanifesto.blogspot.com