First point of consensus (Was: [cap-talk] Firefox breaks the principle of identifiability)
Ian G
iang at systemics.com
Sat Feb 12 10:06:10 EST 2005
David Hopwood wrote:
> Ben Laurie wrote:
>
>> On reflection, I am less convinced. The point I was trying to get at
>> was that a user, when presented with something allegedly PayPal,
>> would not see it matching his existing pet name for PayPal, and so
>> would be informed of the spoof.
>>
>> However, this relies on the user remembering that he _has_ an
>> existing pet name (and what it is), which is, by no means, a foregone
>> conclusion.
>
>
> It does not rely on that. If the user does not remember the pet name
> (given the prompt of also seeing the site content), then he does not
> ascribe any trust relationship as a result of seeing the petname, so
> there is no problem.
I as a user would not be happy with that.
I use computers to remember things for me, and if
it fails to remind me of things I didn't notice myself,
I'd say that's a shortfall. The fact that it isn't easy
to ascribe this failure to a simple bug in the program,
or a simple failing in the user doesn't obviate my
basic desire for the computer to do things that I
am having trouble doing.
This is one reason why A&A went into logos and
graphics; the branding effect is so much more
powerful than words, especially for the target
market they are looking at (it's in the title of the
paper). In the world of Coca-Cola, if you ask for a
coke and get a Pepsi, then you have a chance to
decide if that's good or bad. And nobody would
dare hand out a no-name brand in a restaurant;
which is essentially what a phisher preys on in
the net - no cryptographic branding.
iang
Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks
http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/