Simon Willison’s Weblog

Tuesday, 2nd October 2007

Cronto. I saw a demo of this the other day—it’s a neat anti-phishing scheme that also protects against man-in-the-middle attacks. It works using challenge/response: an image is shown which embeds a signed transaction code; the user then uses an application on their laptop or mobile phone to decode the image and enters the resulting code back into the online application.

# 1:14 am / phishing, cronto, security, maninthemiddle, signing, challengresponse, openid
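
An added sketch of the challenge/response pattern described above; it is not Cronto's protocol or code. Assumptions: the bank and the user's device share a key from enrolment, HMAC-SHA256 stands in for the signature, a JSON blob stands in for the image, and all function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: key provisioned to the user's device at enrolment.
DEVICE_KEY = secrets.token_bytes(32)


def _mac(key, label, body):
    # Separate labels keep challenge signatures and response codes distinct.
    return hmac.new(key, label + body, hashlib.sha256).digest()


def make_challenge(key, txn):
    """Bank: sign the transaction details plus a fresh nonce.
    In the scheme described, this blob is what the image would carry."""
    body = json.dumps({"txn": txn, "nonce": secrets.token_hex(8)},
                      sort_keys=True).encode()
    return {"body": body.hex(), "sig": _mac(key, b"challenge", body).hex()}


def _code(key, body):
    # Short numeric code the user can type back in.
    n = int.from_bytes(_mac(key, b"response", body)[:4], "big") % 10**6
    return f"{n:06d}"


def device_respond(key, challenge):
    """Device: reject unsigned blobs, then return what the challenge
    covers (to show the user) and the code to enter."""
    body = bytes.fromhex(challenge["body"])
    sig = bytes.fromhex(challenge["sig"])
    if not hmac.compare_digest(_mac(key, b"challenge", body), sig):
        raise ValueError("challenge was not signed with the enrolled key")
    return json.loads(body)["txn"], _code(key, body)


def bank_verify(key, stored_challenge, code):
    """Bank: the code is valid only for the exact challenge (and so the
    exact transaction) the bank issued and stored."""
    body = bytes.fromhex(stored_challenge["body"])
    return hmac.compare_digest(_code(key, body), code)


if __name__ == "__main__":
    txn = {"to": "alice", "amount": "50.00"}  # constructed sample
    ch = make_challenge(DEVICE_KEY, txn)
    shown, code = device_respond(DEVICE_KEY, ch)
    print("device shows:", shown, "code:", code)
    print("bank accepts:", bank_verify(DEVICE_KEY, ch, code))
```

Because the code is derived from the signed transaction details, a code obtained for one transaction does not verify against a challenge issued for a different one, and a blob not signed with the enrolled key is refused by the device.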

Amazon makes you lie to log off (via) Amazingly, the only way to sign out of Amazon these days is to use the “If you’re not XXX, click here” link—the traditional “sign out” link has quietly vanished.

# 1:19 pm / amazon, security, signout, usability, infoworld