[15739] in cryptography@c2.net mail archive


Re: Using crypto against Phishing, Spoofing and Spamming...

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Sun Jul 11 19:57:42 2004

X-Original-To: cryptography@metzdowd.com
Date: Sun, 11 Jul 2004 10:49:52 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Hal Finney <hal@finney.org>, cryptography@metzdowd.com
In-Reply-To: <87vfgv4xpw.fsf@deneb.enyo.de>

> There still remains the issue that you can provide a good visual
> approximation to any piece of software just by using JavaScript and
> HTML.  I fear that too many users would fall for that. 8-(

We think that the trusted credentials and logo area will provide some
protection against this as well, since you get a very clear indication
of running an insecure site (see screen shots)... of course I agree with
you that we should validate this intuition with user studies (and I'm
trying to arrange these).
> 
>>In considering such solutions, it is important to distinguish threat
>>models.  Phishing is so harmful because it succeeds without even breaking
>>in to users' computers.
Agree!
> 
> But is it so harmful?  How much money is lost in a typical phishing
> attack against a large US bank, or PayPal?  

The Gartner study I've cited in my paper (off my homepage), and some 
other publications I've seen, claim very high actual damages.
-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & 
security)
