Teach a Man NOT to Phish.

Published on May 21, 2009 by . Filed under: business, design, general, internet, life, management, marketing, sports, technology

There have been a lot of changes to Internet security recently, made mostly by browsers, to improve the online safety of Web users. Even though I have a security background, I have some serious issues with the stance browsers and other technology companies have been taking in improving Internet security. My major concern is that not enough is being done to educate end-users.

I understand that there has always been an epic battle between businesses, tech people, and end-users with regard to educating the everyday computer user. I know it has been a losing battle, and I understand that companies often resort to “well, if the user is going to be dumb, then I’ll just do everything I can to prevent them from making a mistake”. This mentality is, in and of itself, a mistake. Non-educated users are prone to finding innovative ways to make mistakes, regardless of the safeguards and the amount of preventive security we put in place.

[Image: msyhackedxu51]

If you’ve ever seen a site that looks like this, you’ve been “saved” by a browser’s attempt to block “bad” sites. The problem with this is that your safety net, as a user, is dependent entirely upon a browser’s ability to scan millions of sites and differentiate between those that are good and those that are bad.

Unfortunately, browsers will never be able to catch all bad sites; some are going to get through and users will be defenseless. At some point, we will need to weigh which losing battle we want to fight. So far, educating users has not been a popular choice of action; however, there are some changes on the horizon.

I came across a new Web site by Verisign, Phish or No Phish, which quizzes users on which sites are phishing Web sites and which are real Web sites. It then promotes the use of EV (Extended Validation) SSL Certificates (the green bar on the browser) to identify secure domain names. I like that the approach taken was to educate the end-user on the reality of bad sites online and how to spot them. I also thought that the Verisign quiz was biased towards having users miss more questions than normal so that they can then show how bad the problem really is. Again, I have a security background and admit that I did not get 100% of the phishing sites on the quiz.

The problem, really, is that most phishing Web sites come from non-standard domain names for the company being copied. Verisign, on the other hand, uses man-in-the-middle (same domain name on both screenshots) for all but one of their quiz questions. Hate to break it to Verisign, but very few of the phishing sites out there operate this way. Most are coming from garbage domain names. In any case, the overall positive effect here is that more emphasis is being placed on educating users.
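The difference between a phishing page on a non-standard domain and the same-domain case used in the quiz can be checked mechanically by looking at the host the browser will actually connect to. The following is an added example, not code from the original post or from Verisign; `classifyLink`, the domain `bank.example` and the sample links are constructed for illustration.

```javascript
// Added example; bank.example and every URL used with it are constructed.
// Classify a link by the host the browser will actually connect to,
// compared with the domain the user expects (hypothetical helper).
function classifyLink(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: the same rules browsers apply
  } catch (err) {
    return { verdict: "unparseable", host: null, reasons: [] };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { verdict: "not-web", host: null, reasons: [] };
  }
  // hostname is already lower-cased; drop the optional trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  const onExpected = host === expected || host.endsWith("." + expected);

  if (!onExpected) {
    const reasons = [];
    if (url.username) reasons.push("text before '@' is not the host");
    if (host.includes(expected)) reasons.push("expected name embedded in another domain");
    if (/^\d+(\.\d+){3}$/.test(host)) reasons.push("raw IP address");
    return { verdict: "different-domain", host, reasons };
  }
  // Same domain on screen: the address alone cannot separate the real site
  // from a man-in-the-middle copy, so the certificate has to be checked.
  const verdict = url.protocol === "https:" ? "same-domain" : "same-domain-no-tls";
  return { verdict, host, reasons: [] };
}

// Constructed sample links, as they might appear in an e-mail.
const samples = [
  "https://www.bank.example/login",
  "http://www.bank.example.account-verify.test/login",
  "http://www.bank.example@203.0.113.7/login",
  "http://bank.example./login",
];
for (const s of samples) {
  const r = classifyLink(s, "bank.example");
  console.log(`${r.verdict.padEnd(18)} ${r.host}  ${r.reasons.join("; ")}`);
}
```

A `same-domain` verdict only says the address matches; for that case the certificate (the EV green bar the quiz promotes) is the remaining signal.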

As technology professionals, we can only do so much. Eventually, our users will be left on their own and will have to stand on their own two legs. The question, then, is “will they do the right thing?” I certainly hope that we see more of this from technology companies.
