"Exposure: Finding Malicious Domains Using Passive DNS Analysis," Proc. 18th Ann. Network and Distributed System Security Symp. (NDSS), Feb. 2011.

We find that traditional password advice given to users is somewhat dated. Strong passwords do nothing to protect online users from password-stealing attacks such as phishing and key logging, and yet they place considerable burden on users. Passwords that are too weak of course invite brute-force attacks. However, we find that relatively weak passwords, about 20 bits or so, are sufficient to make brute-force attacks on a single account unrealistic so long as a "three strikes" type rule is in place. Above that minimum it appears that increasing password strength does little to address any real threat. If a larger credential space is needed it appears better to increase the strength of the user IDs rather than the passwords. For large institutions this is just as effective in deterring bulk guessing attacks and is a great deal better for users. For small institutions there appears little reason to require strong passwords for online accounts.

D. Dagon, "Botnet Detection and Response, the Network Is the Infection," Proc. Domain Name System Operations Analysis and Research Center Workshop, 2005.

Passwords are perhaps the most widely used method of user authentication. Although there are more secure authentication mechanisms, e.g. hardware-token, certificate- or fingerprint-based authentication, password-based authentication remains the most widely used mechanism because of its low cost and convenience. Because passwords must be memorized, they are generally chosen from a small domain, which enables an adversary to mount a dictionary attack on password-based schemes. The Reverse Turing Test (RTT) is a promising tool for defeating online password attacks mounted by automated programs: an RTT is easy for human users to pass, but hard for automated programs.
At present it is widespread for web service providers to ask users to pass an RTT before the user name and password are checked. The scheme is secure against global password attacks mounted by automated programs. Its main drawbacks are usability and scalability: for each login attempt a user has to answer at least one RTT question, which may annoy some users, and the server has to generate one RTT question per attempt, which consumes a lot of the server's computation power if many users log in simultaneously.

C.J. Dietrich, C. Rossow, F.C. Freiling, H. Bos, M. van Steen, and N. Pohlmann, "On Botnets that Use DNS for Command and Control," Proc. European Conf. Computer Network Defense, Sept. 2011.

There have been many attempts to measure how many hosts are on the Internet. Many of those endpoints, however, are NAT boxes (Network Address Translators), and actually represent several different computers. We describe a technique for detecting NATs and counting the number of active hosts behind them. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined. Our implementation, tested on aggregated local trace data, demonstrates the feasibility (and limitations) of the scheme.
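The first abstract above rests on two quantitative points: a "three strikes" lockout caps how many guesses an attacker gets at one account, so even a roughly 20-bit password is out of reach of single-account brute force, while bulk guessing (one or two popular passwords tried against every account) never trips a per-account lockout and is deterred only by making user IDs hard to enumerate. The following toy model, added here as an example and not code from the abstract's authors, shows both effects; the login service, the guess list, the password population (10% of users pick the top password) and the ID space size are all constructed assumptions.

```python
"""Added example (not the abstract's authors' code): a toy online-guessing model
of the "three strikes" rule and of bulk guessing across accounts. The login
service, guess lists and password population are constructed for illustration."""
import random
import secrets
from fractions import Fraction

LOCKOUT_AFTER = 3   # "three strikes": failed guesses tolerated per account


class Authenticator:
    """Minimal login service with per-account failure counting and lockout."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)           # user_id -> password
        self.failures = {u: 0 for u in self.accounts}
        self.locked = set()

    def login(self, user_id, password):
        if user_id not in self.accounts or user_id in self.locked:
            return False
        if self.accounts[user_id] == password:
            self.failures[user_id] = 0
            return True
        self.failures[user_id] += 1
        if self.failures[user_id] >= LOCKOUT_AFTER:
            self.locked.add(user_id)
        return False


def single_account_bound(password_bits, strikes=LOCKOUT_AFTER):
    """Success probability of `strikes` guesses against one account whose
    password is uniform over 2**password_bits values (3/2**20 is about 3e-6)."""
    return Fraction(strikes, 2 ** password_bits)


def single_account_brute_force(auth, user_id, guesses):
    """Runs a guess list against one account; returns the 1-based index of the
    winning guess, or None if lockout stopped the attack first."""
    for i, guess in enumerate(guesses, 1):
        if auth.login(user_id, guess):
            return i
        if user_id in auth.locked:
            return None
    return None


def bulk_guess(auth, candidate_ids, common_passwords):
    """Bulk guessing: at most LOCKOUT_AFTER-1 guesses per ID, so no account ever
    reaches the lockout threshold. Returns the set of compromised IDs."""
    compromised = set()
    for uid in candidate_ids:
        for pw in common_passwords[:LOCKOUT_AFTER - 1]:
            if auth.login(uid, pw):
                compromised.add(uid)
                break
    return compromised


def demo(n_accounts=1000, id_bits=32, weak_fraction=0.1, seed=1):
    """Same password population twice: (a) sequential IDs the attacker can
    enumerate, (b) IDs drawn from a 2**id_bits space, probed at random with the
    same number of login attempts. Returns (hits_a, hits_b)."""
    rng = random.Random(seed)
    common = ["password123", "letmein"]                      # constructed guess list
    pws = [common[0] if rng.random() < weak_fraction else secrets.token_hex(6)
           for _ in range(n_accounts)]

    seq = Authenticator({f"user{i}": pws[i] for i in range(n_accounts)})
    hits_a = len(bulk_guess(seq, [f"user{i}" for i in range(n_accounts)], common))

    ids = [f"user{rng.getrandbits(id_bits):08x}" for _ in range(n_accounts)]
    rnd = Authenticator(dict(zip(ids, pws)))
    probes = [f"user{rng.getrandbits(id_bits):08x}" for _ in range(n_accounts)]
    hits_b = len(bulk_guess(rnd, probes, common))
    return hits_a, hits_b


if __name__ == "__main__":
    print(float(single_account_bound(20)), demo())
```

With sequential IDs the bulk pass compromises roughly the 10% of accounts that chose the top password without ever locking anyone out; with 32-bit IDs the same number of probes finds essentially no valid account, which is the abstract's point that ID strength, not password strength, is what deters bulk guessing. The lockout in this model is a simple counter; a production rule would also need a reset window and a defence against an attacker who deliberately locks victims out.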
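The NAT-counting abstract above describes the technique only in outline: packets from one external address are split into increasing IP-ID runs, one per host, because each host's stack increments a single 16-bit counter. The implementation below is an added example, not the paper's code; it assumes a globally sequential ID counter per host, a fixed tolerance for the forward jump between consecutive packets of the same host, and a constructed trace of (timestamp, source address, IP ID) records. Stacks that randomize or zero the ID field, which many current operating systems do, break the assumption and make such hosts uncountable by this method.

```python
"""Added example (not the paper's own code): counting hosts behind a NAT by
splitting a packet trace into increasing IP-ID sequences, one per host, on the
assumption that each host's stack uses one sequential IP ID counter.
Trace lines below are constructed for the example."""
from collections import defaultdict

MAX_GAP = 50       # largest forward jump still attributed to the same host (assumption)
ID_MOD = 1 << 16   # the IP ID field is 16 bits wide and wraps

# Constructed trace: "<seconds> <source address> <ip id>". Behind 198.51.100.7
# three hosts interleave (IDs 100..., 40000..., 65534 wrapping to 0);
# 203.0.113.9 is a single host.
TRACE = """\
0.01 198.51.100.7 100
0.02 198.51.100.7 40000
0.03 198.51.100.7 101
0.04 198.51.100.7 65534
0.05 198.51.100.7 40003
0.06 198.51.100.7 65535
0.07 198.51.100.7 102
0.08 198.51.100.7 0
0.09 198.51.100.7 105
0.10 203.0.113.9 7
0.11 198.51.100.7 40004
0.12 203.0.113.9 8
"""


def parse_trace(text):
    """Parses trace lines into (timestamp, src, ipid) tuples sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, ipid = line.split()
        records.append((float(ts), src, int(ipid)))
    records.sort(key=lambda r: r[0])
    return records


def forward_distance(prev, cur):
    """Forward distance from prev to cur on the 16-bit ID ring (0 if equal)."""
    return (cur - prev) % ID_MOD


def count_hosts(records):
    """Returns {src: number of ID sequences}. Each packet joins the sequence
    whose last ID lies at the smallest forward distance 1..MAX_GAP behind it;
    otherwise it starts a new sequence, i.e. a newly observed host."""
    sequences = defaultdict(list)          # src -> last ID seen per sequence
    for _, src, ipid in records:
        seqs = sequences[src]
        best, best_dist = None, None
        for i, last in enumerate(seqs):
            d = forward_distance(last, ipid)
            if 1 <= d <= MAX_GAP and (best_dist is None or d < best_dist):
                best, best_dist = i, d
        if best is None:
            seqs.append(ipid)
        else:
            seqs[best] = ipid
    return {src: len(seqs) for src, seqs in sequences.items()}


if __name__ == "__main__":
    print(count_hosts(parse_trace(TRACE)))   # 198.51.100.7 -> 3, 203.0.113.9 -> 1
```

The choice of MAX_GAP is the knob behind the paper's "limitations": a host that sends bursts to other destinations between the observed packets jumps further than the gap and is counted twice, while two hosts whose counters happen to be close are merged. Running the same trace with several gap values and watching how stable the count is gives a practical feel for that error.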
M.T. Goodrich, R. Tamassia, and D. Yao, "Accredited DomainKeys: A Service Architecture for Improved Email Validation," Proc. Conf. Email and Anti-Spam (CEAS '05), July 2005.

We present a usability study of two recent password manager proposals: PwdHash and Password Multiplier. Both projects considered usability issues in greater than typical detail, the former briefly reporting on a small usability study; both also provided implementations for download. Our study involving 26 users found that both proposals suffer from major usability problems. Some of these are not "simply" usability issues, but rather lead directly to security exposures. Not surprisingly, we found the most significant problems arose from users having inaccurate or incomplete mental models of the software. Our study revealed many interesting misunderstandings, for example users reporting a task as easy even when unsuccessful at completing that task, and believing their passwords were being strengthened when in fact they had failed to engage the appropriate protection mechanism. Our findings also suggested that ordinary users would be reluctant to opt in to using these managers: users were uncomfortable with "relinquishing control" of their passwords to a manager, did not feel that they needed the password managers, or did not feel that the managers provided greater security.

I. Moskowitz, R.E. Newman, D.P. Crepeau, and A.R. Miller, "Covert Channels and Anonymizing Networks," Proc. ACM Workshop Privacy in the Electronic Soc. (WPES '03), pp. 79-88, 2003.

Dos and Don'ts of Client Authentication on the Web

Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as store fronts. These weaknesses often result from careless use of authenticators within Web cookies.
Of the twenty-seven sites we investigated, we weakened the client authentication on two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one. We provide a description of the limitations, requirements, and security models specific to Web client authentication. This includes the introduction of the interrogative adversary, a surprisingly powerful adversary that can adaptively query a Web site. We propose a set of hints for designing a secure client authentication scheme. Using these hints, we present the design and analysis of a simple authentication scheme secure against forgeries by the interrogative adversary. In conjunction with SSL, our scheme is secure against forgeries by the active adversary.
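The abstract above blames most of the breaks it found on "careless use of authenticators within Web cookies" and sets as the bar an authenticator that an interrogative adversary (one who can query the site adaptively, e.g. log in as themselves as often as they like) still cannot forge. The code below is an added example, not the paper's scheme: it puts a cookie of the careless kind, where the server simply trusts the fields it receives, beside one whose fields are bound by a keyed MAC with an expiry. The server key, user names and timestamps are constructed for the example, and only forgery is covered; protecting the cookie in transit is what the abstract delegates to SSL.

```python
"""Added example (not the paper's own scheme): a forgeable cookie authenticator
of the careless kind the abstract warns about, beside a keyed-MAC authenticator
with an expiry that an adaptive querier cannot forge without the server key.
Key, names and timestamps are constructed for the example."""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# ---- weak: the cookie is just data the server trusts ------------------------
def weak_mint(user, role):
    """Nothing binds the fields; a client can rewrite role=user to role=admin."""
    return urlencode({"user": user, "role": role})


def weak_verify(cookie):
    fields = parse_qs(cookie)
    return fields["user"][0], fields["role"][0]


# ---- hardened: expiry plus a keyed MAC over exactly the bytes that are trusted
SERVER_KEY = b"constructed-example-key-keep-secret"   # assumption: one server-side secret


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def mint(user, role, ttl_seconds=3600, now=None):
    """Server-side only: the role is decided by the server, never by the client."""
    exp = int(now if now is not None else time.time()) + ttl_seconds
    payload = urlencode({"exp": exp, "user": user, "role": role})
    return payload + "&mac=" + _mac(payload)


def verify(cookie, now=None):
    """Returns (user, role) or None. Rejects a missing or wrong MAC (checked in
    constant time), malformed fields, and expired cookies."""
    payload, sep, mac = cookie.rpartition("&mac=")
    if not sep or not mac.isascii() or not hmac.compare_digest(_mac(payload), mac):
        return None
    try:
        fields = parse_qs(payload, strict_parsing=True)
        exp = int(fields["exp"][0])
        user, role = fields["user"][0], fields["role"][0]
    except (KeyError, ValueError):
        return None
    if (now if now is not None else time.time()) >= exp:
        return None
    return user, role


def demo(now=1_000_000):
    """Tampers with both cookie kinds the way an interrogative adversary would
    after minting a legitimate low-privilege cookie for themselves."""
    forged_weak = weak_mint("alice", "user").replace("role=user", "role=admin")
    good = mint("alice", "user", ttl_seconds=60, now=now)
    forged = good.replace("role=user", "role=admin")
    return {
        "weak_forgery_accepted": weak_verify(forged_weak)[1] == "admin",
        "mac_forgery_accepted": verify(forged, now=now + 1) is not None,
        "valid_accepted": verify(good, now=now + 1) == ("alice", "user"),
        "expired_accepted": verify(good, now=now + 60) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Two details matter for the interrogative adversary: the MAC is computed over the serialized payload rather than over a hash of loosely concatenated fields, so moving a value between fields changes the MAC input, and the comparison is constant-time so that adaptive queries cannot recover the MAC byte by byte from timing. The abstract's result that one site's minting key could be extracted is the other lesson: a keyed authenticator is only as strong as the secrecy of SERVER_KEY.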