[security] How to prevent phishing...

[gaz_sec at hushmail.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Someone on this list sent me a link to the safe seal which is
indeed very similar, the only problem I can see with that technique
is that it is not fully accessible, I would suggest a combination
of picture and passphrase for the visually impaired.

On Sat, 14 Apr 2007 02:23:45 +0100 Allen Tom <atom at yahoo-inc.com>
wrote:
>Gareth -
>
>Yahoo does this using the Sign In Seal on the Login screen. Users
>may
>create a personalized icon that is tied to their browser and is
>only
>displayed on the Yahoo Login screen.
>
>Because Phishing sites are unable to display the Sign In Seal, we
>are
>trying to educate users to always look for their Sign In Seal
>before
>they login.
>
>More info about the Yahoo! Sign-in Seal is here:
>http://help.yahoo.com/l/us/yahoo/edit/privacy/index.html
>
>Allen
>
>
>Johannes Berg wrote:
>> On Wed, 2007-04-11 at 10:16 +0100, gaz_sec at hushmail.com wrote:
>>
>>
>>> I've come up with an idea for peventing phishing, I would love
>to
>>> hear everyone's thoughts:-
>>> http://www.thespanner.co.uk/2007/04/11/how-to-prevent-phishing/
>>>
>>
>> Btw. myopenid.com does this with a "personal icon"
>>
>> johannes
>>
>> -----------------------------------------------------------------
>-------
>>
>> _______________________________________________
>> security mailing list
>> security at openid.net
>> http://openid.net/mailman/listinfo/security
>>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYh/0gACgkQrR8fg3y/m1CeVAP/ZLxSGhuoidZBcp662gdR3UTgei25
knpuKZEXtdDdo0gdAA6Mh2cdaGNrErtUvAWPKelHY8v3eq2g2osseZdYHtjoJv9H99Gk
Q4ArYZMgs+8KzoiYTWqWkrTaYjIT+yC1jirfcW8mVS8JoOB+79TXT9jlK82mw98PfLeL
/siU+Rs=
=xNkN
-----END PGP SIGNATURE-----

--
Click to become a master chef, own a restaurant and make millions
http://tagline.hushmail.com/fc/CAaCXv1QhbNCuSXs0aPWnTYP1mrXpN0t/