IanG wrote:
> But, to explore that notion some, what do you see the
> phishing pie as being outside HTTPS?
> Are you just referring to HTTP? Or also to IM, mail, etc?

Well yah HTTP, IM, email, FTP, anything that uses DNS is somewhat susceptible, although the other protocols are less prone to phishing for reasons I'm sure we can all deduce, but the threat is there.

Something else I find interesting is that if you tell users to look for HTTPS, you'll get either a lot of confused users or a lot of HTTPS web site redesigns or both. I feel this way because many sites have an HTTP username/password login page that POSTs the login information to an HTTPS site; it's still just as secure but is pretty much transparent to the user unless they view source and know what to look for. It's this way for Bank of America, American Express, Hotmail, etc, etc, etc... Simply telling users to look for HTTPS isn't good enough imho.

-Alex
