Browsers, phishing, and user interface design
Scott Granneman, 2006-06-05

Phishing works for so many reasons. We need to rethink browser and user interface design to provide some real-life security to the average user who doesn't see or understand the security cues.

Sure. Lots of ideas... 2006-06-05
Anonymous (2 replies)
Your First Statement Is Right 2006-06-06
Anonymous (1 replies)
Re: Your First Statement Is Right 2006-06-07
Anonymous (1 replies)
Re: Sure. Lots of ideas... 2006-06-24
Anonymous
Browsers, phishing, and user interface design 2006-06-06
Anonymous (1 replies)
If the user doesn't click the link in their email, it doesn't matter whether or not they pay attention to padlock icons, or if they think the site is safe because it's got a favicon. (Obviously, those things are still issues for other reasons, however.)

Trying to address the phishing problem by fixing the web UI doesn't make sense to me when the real problem is a step or two before they get to the website.

With that in mind, one of the best ways I can think of to help users avoid phishing is to have them read email in plain text.

Doing so would make it readily apparent (to HTML-savvy users) that the link is false, and users that can't read the HTML code would just see a bunch of gobbledygook and be likely to ignore the message.


Link to this comment: http://www.securityfocus.com/comments/columns/405/33692#33692
Send them to AOL 2006-06-07
Anonymous
Stop babying people 2006-06-09
Anonymous
Wrong end to start patching 2006-06-12
Thomas Nilsen (1 replies)
Re: Wrong end to start patching 2006-06-12
Anonymous
Ingredients of possible solutions 2006-06-16
S. Lo Presti
Users ignore alert messages... 2006-06-20
Anonymous
simple: 2006-06-24
ailaG







 

Copyright 2008, SecurityFocus