The URLephant in the Room - Emily Stark, Google - USENIX Enigma Conference - 2019
USENIX Enigma Conference via YouTube
Overview
Explore the challenges and limitations of using URLs as a security mechanism in this thought-provoking conference talk from USENIX Enigma 2019. Delve into the complexities of user behavior, browser security, and phishing attacks as Google's Emily Stark examines the "URLephant in the room." Learn about the Chrome usable security team's approach to measuring the effectiveness of website identity indicators and consider whether it's time to abandon URLs as a user-facing security tool. Gain insights into homograph attacks, warning design analysis, and incremental approaches to improving web security. Discover the potential need for breaking traditional usable security rules in the quest for better solutions to protect users online.
Syllabus
Intro
Screenshot
The URL
Browsers
Phishing Attacks
Our Approach
Emily
Do you understand URLs
Research
URL display bugs
Homograph attacks
Minor detour
EV certificates
Ablation experiment
Silver Bullet
Incremental Approaches
Trickery
URL Display Manual
Chrome Warning
ITN Warning
Warning Design Analysis
Website Identity
Thank you
Taught by
USENIX Enigma Conference