[security] Phishing: Bookmarks to the rescue?
Ka-Ping Yee
openid at zesty.ca
Sun Jan 21 07:47:29 UTC 2007
> btw: we should decide where we will have the conversation. Here or on
> your blog! :-)

Right, let's stay here on the list.

> I think it is an interesting stab at how to solve the problem -- but
> I think the core part of your strategy was the lack of the Referer:
> header, which is easily defeated.

The core part of the strategy, and the core untested claim, is that
users can develop the habit of using a bookmark to log in. If they
use the bookmark, they're safe; if they don't, they're not.

The Referer: header is not a phishing defense; it is a training
mechanism intended to force users to habituate on the safe procedure.

-- ?!ng
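The Referer-as-training-signal idea from the reply above, as an added example that is not code from the thread or from the site being discussed: a minimal WSGI login endpoint that serves the form only when no Referer header arrives (bookmark or typed URL) and otherwise steers the user to a reminder page. The paths and messages are hypothetical, and, as the thread itself notes, the header is attacker-controlled and can be suppressed, so this is a habit-forming nudge rather than a phishing defense.

```python
# Added example, not the original site's code. Paths and messages are made up.
from wsgiref.util import setup_testing_defaults

LOGIN_PATH = "/login"               # the URL users are trained to bookmark
TRAINING_PATH = "/use-your-bookmark"  # where link-followers get sent instead


def arrived_via_bookmark(environ):
    """True when the request carries no (or an empty) Referer header.

    Bookmarks, typed URLs and referrer-suppressing browsers send none;
    following a link from mail or another page normally does. Heuristic only:
    the header is client-controlled, so this trains a habit, it does not
    block phishing.
    """
    return not environ.get("HTTP_REFERER", "").strip()


def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path == LOGIN_PATH:
        if arrived_via_bookmark(environ):
            start_response("200 OK", [("Content-Type", "text/html")])
            return [b"<form method='post'>...login form...</form>"]
        # Reached through a link: withhold the form and reinforce the habit.
        start_response("303 See Other", [("Location", TRAINING_PATH)])
        return [b""]
    if path == TRAINING_PATH:
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"Please open the login page from your bookmark, not from a link."]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def handle(path, referer=None):
    """Drive one request through app(); returns (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)  # fills in the mandatory WSGI keys
    environ["PATH_INFO"] = path
    if referer is not None:
        environ["HTTP_REFERER"] = referer
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```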