Richi Jennings

The Long View

Zulfikar Ramzan is correct about phishing

IT TOPICS:Desktop Apps, Government & Regulation, Internet, Security

Zulfikar Ramzan is right on in his demolition of Mikko Hypponen's idea for a ".bank" top-level domain.

Writing on Symantec's Security Response weblog, Zully basically... uhhh... urinates all over Mikko's plan (although he's a lot more diplomatic than that). Some choice cuts:

Phishers don’t have to use the .bank extension and most users will fail to notice ... if you look at almost every phishing site these days, the URL itself is a blatant giveaway that you’re not at an authentic site
...
The proposal will also lull users into a false sense of security for a number of reasons ... The bad guys may still be able to get .bank domains ... won’t stop phishing attacks that exploit cross-site scripting vulnerabilities ... Browsers are sometimes susceptible to address-bar overlay vulnerabilities. [read more]

Or, to put it another way, the problem with this proposal is that roughly half the population have below-average intelligence (hat tip: APHC).

Sure, it's easy to be a critic, but such ideas just waste energy that could be plowed into useful furrows, such as DKIM and domain-level reputation. See also: BofA Sitekey, Yahoo! Signin Seal, etc., etc.

Dropbox "kills" cloud open-source project, Dropship

Facebook photo privacy PANIC: Auto-tag apology and apologia

Osama bin Laden's email store found on USB sticks

Osama bin Laden dead; Twitter-body broke the story

Today's Top Stories

When IT gets to play: Skunk works projects

'Server huggers' present obstacle to cloud use

European regulators start investigating Carrier IQ

'Nothing but the facts' approach just won't work with business people

Mozilla declines to say if it's renewed lucrative Google deal

SAP faces cloud strategy questions with SuccessFactors buy

Hot Posts

Why Microsoft should fear Google's upcoming music and home-entertainment system

Posted by Preston Gralla |

WOA: Windows 8 on ARM bundles Office 15

Posted by IT Blogwatch |

Apple preps apps for 'truly amazing' iPad 3 (with Siri?)

Posted by Jonny Evans |

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Desktop Apps White Papers

Bank Raises the Bar on Service Delivery with Comcast: Read this exclusive case study to learn how Comcast and Eastern Bank teamed to maintain a secure, reliable network infrastructure for transferring and...
E-Discovery and Archiving: In this eGuide, Computerworld and sister publications CIO, Network World, and IT World examine some of
the hottest issues around e-discovery and archiving today....
Disaster Recovery for Oracle Exalogic Elastic Cloud: Oracle Maximum Availability Architecture (MAA) is the Oracle best practices blueprint for implementing Oracle high availability technologies and is one of the key...

Desktop Apps Webcasts

Virtual Desktops: From Wow to How webinar: Join us for this exclusive online event to get an insider's view on how to make desktop virtualization a reality in your company....
Data Protection and Information Governance: Date: January 10th, 2012
Time: 1:00 PM EST

Today, legal hold and information governance are increasingly becoming drivers for data protection. The duty to preserve...
IBM InfoSphere MDM Solutions for Telecommunications: Implementing MDM solutions, telecommunications companies have achieved increased profitability and wallet share, boosted customer retention and acquisition, and reduced operational costs.

IT Newsletters

Get the latest technology news and analysis on critical issues in the enterprise.

Zulfikar Ramzan is correct about phishing

Related Posts

Today's Top Stories

Hot Posts

Richi Jennings's Archive

IT Topics