WebAppSec gurus,

I recently had some time on my hands to write up a whitepaper covering a topic that I've been repeatedly queried about over the years - how can you tell which person "stole" a copy of your Web application content and used it to build a phishing or fraud site?

It's not a particularly easy question to answer, but there are a number of things that can be done to help this identification task. One useful component of that identification process is the embedding of unique tagging information within the content of the application. This process, referred to as Distribution Tracing, can be applied to the images used to construct the Web site.

The paper "Anti-fraud Image Solutions" is now available on my Web site -
http://www.technicalinfo.net/papers/AntiFraudImageSolutions.html

...and there's a blog on the topic over at -
http://technicalinfodotnet.blogspot.com/2009/04/who-cloned-web-site-heres-how-to-tell.html

Hope the paper proves insightful for some of you having to advise your customers directly.

I'll offer a beer at BlackHat Las Vegas this year to the first person to name 3 large international banks that already use this tracing process, and the algorithm they went with :-)

Cheers,

Gunter Ollmann