[cap-talk] Re: First point of consensus
Sandro Magi
smagi at naasking.homeip.net
Wed Feb 9 19:25:22 EST 2005
> Tyler Close wrote:
>> Ian, did you read David Hopwood's email quoting Dijkstra's
>> "integralism"? If not, I think you should. The phenomenon is highly
>> applicable.
>>
>> I think the petname toolbar is a solution to the phishing problem, not
>> to the virus problem.
>
> Exactly. The arguments for pet names don't "assume away" viruses, they
> treat separate problems separately.
>
> ("separate" is not the same thing as "totally independent". In fact
> security improvements that address phishing will help to close one
> vector for viruses.)
I concur, but I think this disagreement just highlights out the danger of
unqualified absolute statements.
Given Tyler's statements:
1. The petname toolbar conveniently presents all the information needed to
avoid a phishing attack.
2. An attacker cannot trick the petname toolbar into assisting the
deception.
I think it's important that everyone keep in mind, or that people
reiterate when making such statements, that we are working within "the
browser domain". The browser itself is obviously still vulnerable to the
subsystems upon which it depends as Ian stressed; via petnames, Tyler is
attempting to solve the vulnerabilities the browser itself introduces.
Sandro
More information about the cap-talk
mailing list