[cap-talk] A petname toolbar for Firefox
Karp, Alan H
alan.karp at hp.com
Wed Feb 23 11:47:35 EST 2005
Ping wrote:
>
> Along the same lines, there is another problem with your current
> petname toolbar design: it is only useful on SSL sites. I have
> received 12 phishing attempts in my mailbox so far this February;
> how many do you suppose the petname toolbar would affect? Zero.
> All 12 entice the user to click on an http:// link with a numeric
> IP address. Similarly, of the 15 phishing attacks listed at
> http://antiphishing.org/, only one uses an SSL link. Based on
> that evidence, a browser that outlawed form submission on numeric
> IP address URLs would have a much greater success rate at defeating
> phishing than the petname toolbar.
>
Many of the phishing mails that I've seen have text with https, but the
underlying link uses http.
It doesn't matter if the phishing site uses https or not. What matters
is that the banking site uses https. The point is that assigning the
petname to the banking site that uses https gives me the information I
need to detect phishing regardless of the phishing protocol.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20050223/37c0ae40/KarpAlanH.vcf
More information about the cap-talk
mailing list