SEAL Launches TLS Attestations Tool For Phishing Detection

[ad_1]

Cybersecurity nonprofit, Security Alliance, has released a new tool to help security researchers verify crypto phishing attacks, which led to more than $400 million stolen in the first half of this year.

On Monday, the Security Alliance (SEAL) announced that it had been working on a new tool to enable “advanced users and security researchers” to join the fight against crypto phishing by verifying that a reported phishing website is malicious.

Cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as scammers have developed “cloaking features” to serve benign content to suspected web scanners, they added.

SEAL’s new tool, called the “TLS Attestations and Verifiable Phishing Reports” system, aimed at helping security researchers, will now help to prove the malicious website actually contains the phishing content the user claims to see.

“It’s intended to be a tool to help experienced ‘good guys’ work better together, rather than the average user,” SEAL told Cointelegraph.

“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”

How SEAL’s verifiable phishing reports work

The system works by having a trusted attestation server act as a cryptographic oracle during the TLS connection.

Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering.

The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details and sends them to the attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.

*Attestation in action, identifying malicious links. Source: SEAL*

Verifiable Phishing Reports

Users can submit “Verifiable Phishing Reports,” which are cryptographically signed proofs showing exactly what content a website served them.

SEAL can then verify these are legitimate without needing to access the phishing sites themselves, making it much harder for attackers to hide their malicious content.

“This is a tool meant for advanced users and security researchers ONLY,” wrote SEAL on the GitHub download page.

Magazine: Bitcoin’s ‘macro whiplash,’ Shuffle suffers data breach: Hodler’s Digest

Subscribe now

To access premium content

Hong Kong could be the centre of the next NFT boom

Graphics Lifting For CropBytes Crypto Farming Game

Immortals and Fetch.ai Form Landmark Crypto Partnership

The Metaverse Creation, Ronin Wallet is Live & More News

What is Binamon? Ready For Launch On August 28

Binapet Review: Breeding BSC Play-to-Earn Game

The Galaxy of Lemuria Review – Play To Earn MMORPG

BLAST Premier 2022 – Betting Tips and Schedule

Zendodo Party Review: Where NFTs Meets DeFi on WAX

BLAST Premier 2022 – Betting Tips and Schedule

Is Overwatch League Getting Outsourced A Good Thing?

Genesis Worlds Interview With CEO Jason Cassidy

Dreamverse NFT Festival: Interview With Twobadour

Inside Axie Infinity With Jihoz – Growth Lead