Simon Willison’s Weblog


Items tagged phishing in Jan, 2007



idproxy.net: Use your Yahoo! account as an OpenID

In an ideal world, some or all of the sites with large user databases (Yahoo!, AOL, Google, Amazon and so on) would act as OpenID providers, allowing their users to sign in to OpenID supporting sites around the Web. Until that happens, people who want to use OpenID need to sign up for Yet Another Account to do so.

[... 414 words]

MySpace Allegedly Kills Computer Security Website. No need for the allegedly; it’s been confirmed. MySpace got GoDaddy.com to redirect DNS for seclists.org after a list of phished user accounts posted to the full disclosure mailing list was archived there. # 26th January 2007, 9:57 am

MyOpenID: New anti-phishing tools available. Includes SafeSignIn, which removes the login form from the landing page. You have to enable it in your preferences though. # 24th January 2007, 3:02 pm

We have a unique opportunity with phishing and OpenID. OpenID can make the possibility for bad things to happen from phishing that much worse. However, having an OpenID means you create a more intimate relationship with your OpenID provider. You go there every day. You will more likely know when something is wrong.

Scott Kveton # 24th January 2007, 3:02 pm

Phishing and OpenID: Bookmarks to the Rescue? Ping extends my proposal to use bookmarks as the principal authentication mechanism, resulting in a system that is much easier for people to understand. # 21st January 2007, 1:36 am

XMPP OpenID server. An OpenID provider that sends you a Jabber message when you try to log in, to help guard against phishing. # 20th January 2007, 11:24 pm

I can also sum things up for you even more succinctly:
—users are task oriented, driving to complete the goal the quickest way possible
—users pay more attention to the content area than the browser chrome
—users don’t understand how easy it is to spoof a website

Mike Beltzner # 19th January 2007, 5:33 pm

Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner. # 19th January 2007, 5:32 pm

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on misunderstandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]

Why don’t we have a .bank or .bank.country_code TLD that’s regulated by the same people that regulate the banks themselves?

Dean Wilson # 7th January 2007, 10:22 pm