CAPTCHA security for Phishing: Secure or not?


Addressing recent online banking threats, the banking industry offers us several solutions for our safety online banking experience, however those solutions may not finally secure the users under the rising threats. The main challenges are how to enable safe online banking on a compromised host, and solving the general ignorance of security warning.
CAPTCHA is primarily used to anti bot automated login, also, CAPTCHA base application can further provides secure PIN input against keylogger and mouse-logger for Bank’s customer.

Assuming users are always unconscious of security warning in our model, we have designed a series of attacks and defenses under this interesting condition. We will start by formalizing a security defense utilizing CAPCTCHA, its limitations are analyzed; Then, we will attack a local bank employing CAPTCHA solution, which we show how its can be bypassed from its vulnerability in its implementation. We further introduce – Control-Relaying Man-In-The-Middle (CR-MITM) attack, a remote attack just like a Remote Terminal Service that can capture and relay user inputs without local Trojan assistant, which is possible to defeat CAPTCHA phishing protection in the future. Under our model, we conclude, visual security defense alone is feeble for anti-phishing.

If you are you interested in this seminar topic, mail to us to get

the full report * of the seminar topic.

Mail ID: - 

* conditions apply

– OR –

Click here for Quick Contact (Request for Topics)

  • © 2008 – 2013 seminars4you,

  • All rights reserved.