nanog mailing list archives

Re: Dear RIPE: Please don't encourage phishing
From: Jay Ashworth <jra () baylink com>
Date: Fri, 10 Feb 2012 13:00:10 -0500 (EST)

----- Original Message -----
From: "William Herrin" <bill () herrin us>

Big problem with clickable objects which lead to PII (personally
identifiable information) or passwords. That's how phishing works -- a
disguised url that you either see at all or whose incorrect nature
slips right past your brain. The only known working solution is to
train folks to *never* click security-related URLs in email. Copy and
paste only, and only if they're readable and read right.

And right there, Bill, is the part we so rarely understand, and it kills us:

Even lots of *technical* people just don't understand what "a security-
related URL" *is*, and there's almost always no way to teach them.

So it's necessary to throw the baby out with the bathwater, and tell them
never to click on a link...  MUA's that support HTML at all, much less
they fail to tell the user when a text URL doesn't match the actual link,
are the underlying culprits here...

-- jra
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274
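
The check the message says MUAs fail to perform, flagging a link whose visible text URL does not match the actual target, sketched as an added example that is not part of the original message. The names `audit` and `LinkAuditor` and the sample HTML are constructed for illustration, and the comparison is on hostnames only.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Visible text that looks like a URL or bare hostname (e.g. "www.example.net/login").
URLISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def _host(value):
    """Lower-cased hostname of a URL or bare host string, or '' if none."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    return (urlsplit(value).hostname or "").lower().rstrip(".")

class LinkAuditor(HTMLParser):
    """Collects (visible_text, href) pairs whose hostnames disagree."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.href = None              # href of the <a> currently open, if any
        self.text = []
        self.mismatches = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        # Only judge links whose visible text itself claims to be a URL.
        if URLISH.match(shown) and _host(shown) != _host(self.href):
            self.mismatches.append((shown, self.href))
        self.href = None

def audit(html_body):
    """Return every link in an HTML mail body whose text and target disagree."""
    parser = LinkAuditor()
    parser.feed(html_body)
    return parser.mismatches

# Constructed sample body; all hosts are reserved example domains.
SAMPLE = """<p>Reset at <a href="http://login.example.org/reset">https://www.example.net/reset</a>,
read <a href="https://www.example.net/help">https://www.example.net/help</a>,
or <a href="http://example.org/x">click here</a>.</p>"""
```

Links with non-URL text such as "click here" are not flagged, since there is no displayed address to compare against; those are the case the copy-and-paste advice above is meant to cover.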
