SEAL Launches TLS Attestations Tool For Phishing Detection

Cybersecurity nonprofit, Security Alliance, has released a new tool to help security researchers verify crypto phishing attacks, which led to more than $400 million stolen in the first half of this year.

On Monday, the Security Alliance (SEAL) announced that it had been working on a new tool to enable “advanced users and security researchers” to join the fight against crypto phishing by verifying that a reported phishing website is malicious.

Cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as scammers have developed “cloaking features” to serve benign content to suspected web scanners, they added.

SEAL’s new tool, called the “TLS Attestations and Verifiable Phishing Reports” system, aimed at helping security researchers, will now help to prove the malicious website actually contains the phishing content the user claims to see.

“It’s intended to be a tool to help experienced ‘good guys’ work better together, rather than the average user,” SEAL told Cointelegraph.

“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”

How SEAL’s verifiable phishing reports work

The system works by having a trusted attestation server act as a cryptographic oracle during the TLS connection.

Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering.

The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details and sends them to the attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.

Attestation in action, identifying malicious links. Source: SEAL

Verifiable Phishing Reports

Users can submit “Verifiable Phishing Reports,” which are cryptographically signed proofs showing exactly what content a website served them.

SEAL can then verify these are legitimate without needing to access the phishing sites themselves, making it much harder for attackers to hide their malicious content.

“This is a tool meant for advanced users and security researchers ONLY,” wrote SEAL on the GitHub download page.

Magazine: Bitcoin’s ‘macro whiplash,’ Shuffle suffers data breach: Hodler’s Digest

What's Hot

Vitalik Buterin admits his biggest design mistake since 2017

New post-quantum signatures are 40x larger, threatening to crush network throughput and user costs

Fundstrat’s Tom Lee sees Bitcoin and Ethereum price breakout after precious metals peak

SEAL Launches TLS Attestations Tool For Phishing Detection

Ripple Executives Weigh Staking Addition For XRP Ledger

MSCI Review Puts Digital Asset Treasury Companies Under Pressure

XRP Price Slides 15% — Can Bitwise XRP ETF Stop The Drop

Bitcoin Sentiment Mixed as Traders Debate Prices From 70K to 130K

TRON (TRX) Above $0.31, But Is It Just the Beginning? Key Metric Shows Buyers Dominating

A Chainlink (LINK) Pullback To $16 Could Set Up Parabolic Price Rally

CleanSpark Posts Record Revenue In Best Quarter Ever

What's Hot

SEAL Launches TLS Attestations Tool For Phishing Detection

How SEAL’s verifiable phishing reports work

Verifiable Phishing Reports

Related Posts