On 2011-09-20 6:48 AM, James A. Donald wrote:
On 2011-09-20 5:16 AM, Nico Williams wrote:
As for out-of-band phishing, well, that's the hardest to protect
against for the simple reason that some phishing e-mail is always
bound to get through and prey on the elderly and naive. I'm not sure
what we can really do about this.

Suppose that zero knowledge logon is widely implemented:

Suppose that shared secrets are normally entered in an application that
looks strikingly different from a normal web page. It has a colorful and
irregular non-rectangular window that differs from one user to the next,
and it always positions itself on other windows so that it overlaps both
the web page, and the desktop or whatever non-web apps happen to be
there. This is deliberately different, since all normal overlaps are
rectangular.

The Phisher has to ask the victim to enter credentials in a non-standard,
unusual manner, something noticeably different from what the
victim normally does, in an application that looks noticeably different
from the normal. This will automatically trigger most people's reflexive
suspicion.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography