Google Click Fraud and Phishing Talk
ThePost sent me this link to Dr. Markus Jakobsson explaining to Google employees how click fraud and phishing work. At first this talk was a complete snoozer (if you already know this stuff, it won’t be an eye opener, but if you aren’t familiar with it, it’s worth listening to the first half an hour). But the second half of it is where it gets interesting.
Firstly, one thing he mentioned during the speech was that you could create a robot to spider the net looking for bad things - well, it turns out there is an easier way for Google to do this - their own spyware. Since Google Web Accelerator is spyware, they can see whatever they want that the user sees - making it a canary account. The counterattack for fraudsters is to create tactics to avoid exploiting users with Web Accelerator, and it would make sense anyway. What’s worse, having spyware on your machine or making a bad guy a few cents by subverting your clicks? Tough choice. He also says he’s not sure if Google has a way to tell where users have been before - again, Google’s spyware is pretty convenient here too.
I thought it odd that the Google engineers didn’t understand how the browser anti-phishing stuff works (it’s sorta their job to know this stuff, isn’t it?) and Dr. Markus Jakobsson did not mention the anti-phishing built into Firefox and Netscape either, but at least he did talk about some of the heuristics and laid to rest their misunderstanding of why a programmatic solution to phishing detection cannot work completely.
Frankly, I’d rather see Dr. Markus Jakobsson doing more Q&A than his speech, because he obviously knows what he’s talking about and was much more interesting when he was just answering questions. Anyway, interesting 40-minute speech if you have the time (it’s got subtitles if you don’t want to play it out loud at work).


