[Flug] [schneier: Microsoft Anti-Phishing and Small Businesses]

Leandro Noferini lnoferin@cybervalley.org
Sab 23 Dic 2006 12:26:54 CET 

Ciao a tutti,

visto che se ne parlava anche qui.

----- Forwarded message from schneier -----

Subject: Microsoft Anti-Phishing and Small Businesses
From: schneier
Date: Thu, 21 Dec 2006 06:58:20 -0600

   Microsoft has a new anti-phishing service in Internet Explorer 7 that will
   turn the address bar green and display the website owner's identity when
   surfers visit on-line merchants previously approved as legitimate. So far,
   so good. But the service is only available to corporations: not to sole
   proprietorships, partnerships, or individuals.

   Of course, if a merchant's bar doesn't turn green it doesn't mean that
   they're bad. It'll be white, which indicates "no information." There are
   also yellow and red indications, corresponding to "suspicious" and "known
   fraudulent site." But small businesses are [1]worried that customers will
   be afraid to buy from non-green sites.

   That's possible, but it's more likely that users will learn that the
   marker isn't reliable and start to ignore it.

   Any white-list system like this has two sources of error. False positives,
   where phishers get the marker. And false negatives, where legitimate
   honest merchants don't. Any system like this has to effectively deal with
   both.

   EDITED TO ADD (12/21): Research paper: "[2]Phinding Phish: An Evaulation
   of Anti-Phishing Toolbars," by L. Cranor, S. Egleman, J. Hong, and Y.
   Zhang.

   [3][IMG] [4][IMG] [5][IMG]

   [6]link

References

   Visible links
   1. http://online.wsj.com/public/article/SB116649577602354120-5U4Afb0JPeyiOy1H_j3fVTUmfG8_20071218.html?mod=rss_free
   2. http://www.cylab.cmu.edu/files/cmucylab06018.pdf
   3. http://feeds.feedburner.com/~f/schneier/fulltext?a=jXPkGvOy
   4. http://feeds.feedburner.com/~f/schneier/fulltext?a=wEsz6E40
   5. http://feeds.feedburner.com/~f/schneier/fulltext?a=YNcQJAb0
   6. http://www.schneier.com/blog/archives/2006/12/microsoft_antip.html

----- End forwarded message -----

-- 
Ciao
leandro
Un esteso e "normale" uso della crittografia è il sistema più forte
per rivendicare il diritto alla privacy nelle comunicazioni
telematiche: come tutti i diritti e come i muscoli se non viene
esercitato costantemente si atrofizza e va perso.

-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome:        non disponibile
Tipo:        application/pgp-signature
Dimensione:  189 bytes
Descrizione: Digital signature
URL:         <http://lists.linux.it/pipermail/flug/attachments/20061223/a98dd1e5/attachment.pgp>

Maggiori informazioni sulla lista flug