Also, homoglyph attacks are possible on anything a user could recognize (email identifiers, usernames), and these are terrifyingly easy to pull off. Just this attack alone imo means we need to stop relying on users (ie: do I recognize this email address) for verification and exclusively use 1) artifacts that dont rely on humans and 2) computers for verification. Phishing is well understood by researchers yet highly effective (whelp).
How can you completely avoid people having to recognize something? Doesn't it always start with human verification at some point?
_______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
