WWW 2008 / Panel Overview April 21-25, 2008 · Beijing, China Panel Protecting the Web: Phishing, Malware, and Other Security Threats Organizer: Greg Aaron Afilias, Horsham, PA USA +1-215-706-5700 gaaron@afilias.info Katharine A. Bostik Microsoft Corporation, South East Asia Edmon Chung DotASIA Organisation, Hong Kong Rod Rasmussen Internet Identity United States PANEL SUMMARY Web site operators, Internet users, and online service providers are besieged by a growing array of abuses and threats. Spam leads users to online scams and phishing Web pages, which cyber-criminals use to steal users' financial data and passwords. Other criminals use Web sites to spread malware, which can steal personal data or take over users' computers into a botnet, which can be used to send spam or mount cyber-attacks against Web sites and other Internet services. Together, these abuses undermine user trust, hamper e-commerce, and cost the Internet community huge losses in money, service and support costs, and time. What should Web site operators and online service providers do to protect themselves and their users? What are Internet companies, organizations, and law enforcement doing (and not doing) to combat these problems? And how can the international Internet community work together on these problems? The panel brings together representatives from the chain of organizations that respond to Internet abuse problems, and promises a lively, compelling, and relevant discussion. with external organizations and law enforcement to protect children impacted by the Internet. Prior to joining Microsoft, Katharine served as a U.S. federal prosecutor for over 11 years. Rod Rasmussen, Internet Identity, United States Rod is widely recognized as a leading expert on the abuse of the domain name system by phishing criminals. He is co-founder of Internet Identity, which provides anti-phishing services to hundreds of large and small banks and financial institutions in the U.S. and Europe. He serves on the steering committee for the Authentication and Online Trust Alliance (AOTA), is an active member of Digital PhishNet, a collaboration between industry and law enforcement, and is the Anti-Phishing Working Group's liaison to ICANN, the international oversight body for domain names. Rasmussen earned an MBA from the Haas School of Business at UC-Berkeley and holds two bachelor's degrees, in Economics and Computer Science, from the University of Rochester. Edmon Chung, DOTAsia Organisation, Hong Kong Edmon is CEO of DotAsia Organisation, the operator of the new .ASIA top-level domain. DotAsia is a not-for-profit, community-based organisation based in Hong Kong. Edmon is an inventor of patents underlying technologies for internationalized domain names (IDN) and email addresses on the Internet. Edmon is currently serving as the Vice Chair for the Internet Society HK, as an elected member of the Elections Committee of the Hong Kong Special Administrative Region, an elected councillor of the ICANN GNSO Council, and to the Secretariat for the ICANN APRALO (Asia Pacific At-Large Organisation). Categories & Subject Descriptors: K.4.1 [Public Policy Issues]: Abuse and Crime Involving Computers General Terms: Security, Legal Aspects, Reliability Katharine Bostik, Microsoft Corporation, Southeast Asia Katharine is Microsoft's Senior Director of Legal and Corporate Affairs in South East Asia. She is responsible for leading Microsoft's efforts across South Asia Pacific in developing and implementing Microsoft's Internet safety initiatives, focused on protecting the public from threats including malicious code, botnets, spam, online fraud, and other cyber attacks. She collaborates with governments, industry, law enforcement, and consumers to build partnerships focused on public policy, education, and enforcement. Katharine is also leading Microsoft's efforts in protecting children online by working Copyright is held by the author/owners WWW2008, April 21-25, 2008, Beijing, China ACM 978-1-60558-085-2/08/04. 1253 WWW 2008 / Panel Overview April 21-25, 2008 · Beijing, China intellectual property issues and Internationalized Domain Names (IDNs). Greg advises the Government of India regarding domain and related Internet policies. He is a member of the W3C's Internationalization Core Working Group and previously worked at Internet companies such as Travelocity. Greg graduated magna cum laude from the University of Pennsylvania. Greg Aaron, Afilias, United States Greg is Director of Key Account Management and Domain Security at Afilias. He serves on the steering committee of the Anti-Phishing Working Group (APWG), the international panindustrial and law enforcement association focused on eliminating identity theft resulting from phishing, pharming, and email spoofing of all types. His company, Afilias, operates the .INFO top-level domain (TLD) and provides technical and advising services for thirteen other TLDs, including .ORG and .IN (India). Mr. Aaron oversees Afilias' security programs, designed to address domain name abuses such as phishing, spam, and malware. He is also expert on domain name Additional Panelist to be announced 1254