[cap-talk] Firefox breaks the principle of identifiability

Ian G iang at systemics.com
Tue Feb 8 17:36:34 EST 2005


John Halleck wrote:

>I know of users that have been fooled by  'paypal.somename.cz'
>(I forget what the "somename" really was.)
>And users fall every day for the "one URL in the link, different one between the A tags"
>trick.
>
>All the solutions given so far appear to assume the user is paying attention and reasonably bright.
>Nice assumption (possibly) for this group, but not in general.
>  
>

Yes, this is why the logo and visuals and branding
approach is better than the pure pet names (words)
approach.  I think adding the pet names would be
a good interim step, as also applies to the original
notions that I suggested (counts and tracking and
so forth) but the graphical approach is IMHO the
one to aim for.

It's also the furthest along (with a nod to Marc's
progress plan) in that it is coded up in a Mozilla
plugin and it is backed by some experimental
evidence.  More is needed (as the paper says),
but there is enough to say go for it.

Still, the main problem we are facing is not really the
choice of this approach v. petnames v. counts, but
lower down in the stack.  At this stage the browser
manufacturers are still in the early stages of getting
their heads around the browser as a victim in
phishing;  and concomitant with that, the notion
that there is anything wrong with HTTPS/PKI...

That's the value of Shmoo - pointing attention in
the right direction.

>It is a nice discussion, but barring smarter users, I think it is theoretical...
>Just my "it's been a long day" two cents worth.
>  
>

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/


