, Washington Post 2004-07-29
Maybe it's time we all went to digital self-defense school. How else can we learn how to deflect the Internet thieves pounding on our electronic doors?
Expand all |
Post comment
|
Internet Snagged In the Hooks Of Phishers
, Washington Post 2004-07-29 Maybe it's time we all went to digital self-defense school. How else can we learn how to deflect the Internet thieves pounding on our electronic doors?
Expand all |
Post comment
|
|
|
Privacy Statement |
has figured out how to make money with such an authentication service. And without one, Litan worries that e-commerce could be headed for trouble. "
This is just asinine. That "web-wide tool to help us know we are visiting a legitimate site" is SSL. That's exactly what it does.
The real problem is that HTML has gotten too powerful, and the browsers don't keep web sites in their box, so for instance, a web site can open a new window with no chrome, and put back in fake chrome for the browser components (they actually do this), well enough that you can even see a lock icon, click on it and view certificate, etc. The infrastructure to securely identify sites is perfectly fine, if more people would use it. The real problem is that we need browser restrictions (similar to current anti-popup stuff) that would prevent construction of a fake browser. This wouldn't be too easy to devise, but should be doable, and has absolutely nothing to do with anyone making money from an authentication service. (And someone should tell Verisign and Thawte that nobody has figured out how to make money from an authentication service.)
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/9235/27743#27743