A nonprofit organization focused on cybersecurity has released a new tool to help security researchers verify cryptocurrency phishing attacks, which resulted in over $400 million being stolen in the first half of this year.
On Monday, the Security Alliance (SEAL) announced that it has been developing a new tool that enables "advanced users and security researchers" to join the fight against cryptocurrency phishing by verifying whether reported phishing websites are malicious.
Cybersecurity researchers often cannot see or replicate what users encounter when they come across potentially malicious links, as scammers have developed "hiding features" that present benign content to suspected web scanners, they added.
SEAL's new tool is called the "TLS Proof and Verifiable Phishing Report" system, designed to assist security researchers by helping to prove that malicious websites indeed contain the phishing content that users claim to have seen.
"This is a tool aimed at helping experienced 'good guys' collaborate better, rather than targeting ordinary users," SEAL told Cointelegraph.
The system works by allowing a trusted proof server to act as an encrypted oracle during the TLS connection.
Transport Layer Security (TLS) is a network protocol that protects data from eavesdropping and tampering by encrypting it, ensuring secure communication over computer networks.
Users or researchers run a local HTTP proxy to intercept connections, capture connection details, and send them to the proof server. The server handles all encryption/decryption operations while the user maintains the actual network connection.
Users can submit "verifiable phishing reports," which are cryptographically signed proofs that accurately display what content the website provided to them.
SEAL can then verify that these are legitimate without having to access the phishing site themselves, making it harder for attackers to hide their malicious content.
"This is a tool for advanced users and security researchers only," SEAL wrote on the GitHub download page.
Related: The Siren Song of Yield: How USDe Circular Loans Triggered a Crypto Market Crash?
Original article: “Cybersecurity Team Security Alliance Launches TLS Proof Tool for Phishing Detection”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
