[149629] in North American Network Operators' Group
Re: Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Fri Feb 10 13:01:11 2012
Date: Fri, 10 Feb 2012 13:00:10 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <CAP-guGXScbK_Dzc5dMdxF4Jr4CHgV_0iMd-Xkxei9WX5tkusOA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "William Herrin" <bill@herrin.us>
> Big problem with clickable objects which lead to PII (personally
> identifiable information) or passwords. That's how phishing works -- a
> disguised url that you either see at all or whose incorrect nature
> slips right past your brain. The only known working solution is to
> train folks to *never* click security-related URLs in email. Copy and
> paste only, and only if they're readable and read right.
And right there, Bill, is the part we so rarely understand, and it kills us:
Even lots of *technical* people just don't understand what "a security-
related URL" *is*, and there's almost always no way to teach them.
So it's necessary to throw the baby out with the bathwater, and tell them
never to click on a link... MUA's that support HTML at all, much less
they fail to tell the user when a text URL doesn't match the actual link,
are the underlying culprits here...
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
