Gervase Markham wrote:
Alex Wight wrote:
Well yah HTTP, IM, email, FTP, anything that uses DNS is somewhat
susceptible, although the other protocols are less prone to phishing for
reasons I'm sure we can all deduce, but the threat is there.
No-one (statistically speaking) buys stuff over IM, email or FTP.
I'm not sure why "buying stuff" is being brought
up here. Phishing as an attack is generally about
extracting information. The whole class of identity
fraud covers a huge range of tricks that the phisher
uses to get the information. It just so happens that
the user is trained to enter in their details in a
HTTP form, so that's a great way to trick her. That
doesn't mean she's buying anything at the time,
though.
(There was once a notion that HTTPS was invented
for the purpose of protecting credit cards ... which
I suppose one could consider to be a historical
footnote. But, no security discussion should rely on
that. As an example, the design of SSL+HTTPS
specifically ignores issues of payments and buying
security.)
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
