The post SEAL Launches TLS Attestations Tool For Phishing Detection appeared on BitcoinEthereumNews.com. A cybersecurity nonprofit has released a new tool to help security researchers verify crypto phishing attacks, which led to more than $400 million stolen in the first half of this year. On Monday, the Security Alliance (SEAL) announced that it had been working on a new tool to enable “advanced users and security researchers” to join the fight against crypto phishing by verifying that a reported phishing website is malicious.  Cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as scammers have developed “cloaking features” to serve benign content to suspected web scanners, they added. SEAL’s new tool, called the “TLS Attestations and Verifiable Phishing Reports” system, aimed at helping security researchers, will now help to prove the malicious website actually contains the phishing content the user claims to see.  “It’s intended to be a tool to help experienced ‘good guys’ work better together, rather than the average user,” SEAL told Cointelegraph.  “What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.” How SEAL’s verifiable phishing reports work The system works by having a trusted attestation server act as a cryptographic oracle during the TLS connection.  Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering. Related: Venus Protocol user suffers $13.5M loss from phishing attack The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details and sends them to the attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.  Attestation in action, identifying malicious links. Source: SEAL Verifiable Phishing Reports… The post SEAL Launches TLS Attestations Tool For Phishing Detection appeared on BitcoinEthereumNews.com. A cybersecurity nonprofit has released a new tool to help security researchers verify crypto phishing attacks, which led to more than $400 million stolen in the first half of this year. On Monday, the Security Alliance (SEAL) announced that it had been working on a new tool to enable “advanced users and security researchers” to join the fight against crypto phishing by verifying that a reported phishing website is malicious.  Cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as scammers have developed “cloaking features” to serve benign content to suspected web scanners, they added. SEAL’s new tool, called the “TLS Attestations and Verifiable Phishing Reports” system, aimed at helping security researchers, will now help to prove the malicious website actually contains the phishing content the user claims to see.  “It’s intended to be a tool to help experienced ‘good guys’ work better together, rather than the average user,” SEAL told Cointelegraph.  “What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.” How SEAL’s verifiable phishing reports work The system works by having a trusted attestation server act as a cryptographic oracle during the TLS connection.  Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering. Related: Venus Protocol user suffers $13.5M loss from phishing attack The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details and sends them to the attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.  Attestation in action, identifying malicious links. Source: SEAL Verifiable Phishing Reports…