CarlosRivera wrote:
I guess microsoft does not have to worry about the IDN attack. I
wonder what they will actually prevent in terms of anti-phishing.
Oh, that's not so hard. If you look at the relationship-
based ideas (petnames, logos, user information displays)
there are plenty of things to do to take a chunk out of
the canonical phishing. The best thing IMHO would be
a return to the original security model by adding the
CA's logo on the chrome, and on top of that, adding
either a petname approach, or a user-chosen-site-logo
approach as with trustbar.mozdev.org.
The addition of the domain name on the status bar is
a good start, but it needs the CA to 'fix it' within a space.
Otherwise phishing just moves over to attacking the CAs
and that won't help any.
The yellow URL bar is great. But the additional padlock
inside the URL bar needs to be differentiated from the
favicon.
iang
Ian G wrote:
Last week's news was a big shift in the phishing scene.
http://www.financialcryptography.com/mt/archives/000361.html
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
