I think positive action should be taken, not negative action (Highlighting for known domains is a negative action when you're concerned with unknown possibly spoofed domains.)
1. Set up a "protected list". This is a list of domains which may possibly be interesting for an attack. A protected list may be derived from the history information as mentioned, or, why not charge interested parties to be included in the protected list.
2. Compare the image of the text as it appears on the screen to the image as they would appear for the items in the "protected list", and mark it / alert if it is very similar. (Positive marking instead of negative marking)

What could be wrong with that?

But instead of highlighting / alert popup, how about switching to a different theme, which is a more general way of putting it: the familiar web site theme, vs. the possibly dangerous website theme, vs. the known to be evil website theme, vs. etc. etc.?

Also, relying on the history list is not that secure in a different sense: It would require a long history list, which some users would prefer to keep short, because of privacy.

Stephan

On Thu, 10 Feb 2005 06:46:25 -0800 (PST), [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Duane wrote:
> > Ruari Callow wrote:
> >
> > > Finally an extra advantage of this method is that it helps prevent
> > > other types of spoofing, for example when fraudsters substitute ASCII
> > > characters (e.g. '0' for 'o').
> >
> > Couple of small things, the sites might figure out some way to
> > automatically either by tricking the user to bookmark it, or some
> > trojan etc to automatically do it (this being the case they have bigger
> > problems) and with the frequently hit thing you'd have to be careful as
> > to what you count as hits to prevent sites from again tricking the user
> > into a couple of hits to their website, or some javascript to loop pages
> > etc...
>
> If sites are automatically bookmarked that is a new flaw, in which case it
> should be looked at in its own right. Same with the Trojan.
>
> Regarding what counts as hits. I was thinking along the lines of ten
> visits to the site on different days.

_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
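
The protected-list check proposed in the message above, as an added example that is not part of the original thread: instead of comparing rendered images, it folds look-alike characters to one representative and compares the resulting "skeletons", which also covers the '0' for 'o' substitution mentioned in the quoted text. The domains, the folding table and the function names are constructed for illustration.

```python
import unicodedata

# Constructed protected list (assumption: the thread names no specific domains).
PROTECTED = ["mybank.example", "shop.example", "mozilla.org"]

# Hand-picked subset of look-alike characters, folded to one representative.
# Assumption: a real table would be far larger (e.g. Unicode confusables data).
FOLD = {"0": "o", "1": "l",
        "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
        "\u0440": "p", "\u0441": "c", "\u0445": "x"}   # Cyrillic er, es, ha
PAIRS = [("rn", "m"), ("vv", "w")]  # letter pairs that render like one letter


def normalize(domain):
    """Lower-case, compatibility-normalize and drop a trailing root dot."""
    return unicodedata.normalize("NFKC", domain).lower().rstrip(".")


def skeleton(domain):
    """Fold every look-alike to its representative so twins compare equal."""
    folded = "".join(FOLD.get(ch, ch) for ch in normalize(domain))
    for pair, single in PAIRS:
        folded = folded.replace(pair, single)
    return folded


# Skeleton of each protected domain, computed once.
SKELETONS = {skeleton(p): p for p in PROTECTED}


def classify(domain):
    """Return (verdict, protected_domain_or_None) for a domain being displayed."""
    name = normalize(domain)
    if name in PROTECTED:
        return ("protected", name)      # the genuine site: no alert
    twin = SKELETONS.get(skeleton(name))
    if twin is not None:
        return ("lookalike", twin)      # positive marking: alert or theme switch
    return ("unknown", None)            # not similar to anything protected


if __name__ == "__main__":
    for shown in ["mozilla.org", "m0zilla.org", "rnozilla.org",
                  "myb\u0430nk.example", "news.example"]:
        print(ascii(shown), classify(shown))
```

The three verdicts map onto the theme idea in the message: the protected site keeps the familiar theme, a look-alike triggers the warning theme, and everything else is left unmarked.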
