--
Ka-Ping Yee wrote:
> Passpet's strategy is to customize a button that you
> click. We are used to recognizing toolbar buttons by
> their appearance, so it seems plausible that if the
> button has a custom per-user icon, users are unlikely
> to click on a spoofed button with the wrong icon.
> Unlike other schemes, such as special-looking windows
> or a custom image shown with the login form, this
> strategy requires the user to directly interact with
> the customized UI element.

This seems like a promising tactic, since a first step in any process is "look for the button". If the user does not see the button, they will be troubled, and will stop and think.

Any customization is an effective anti-phishing measure: Observe that eBay resists phishing by starting its emails by addressing each user by logon name, and Amazon resists phishing by extensively customizing its web page to each user - by supplying non-cryptographic evidence of an existing relationship.

James A. Donald

---------------------------------------------------------------------
The Cryptography Mailing List