Tuesday, October 9, 2007

Browser Help Me. I want you to be Secure....

Wikipedia defines Phishing as:
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging


Get the entire scoop here: http://en.wikipedia.org/wiki/Phishing

Some of the blame for the widespread proliferation of online scams and phishing rests with the victims. They fall prey easily and do not pay attention to security indicators in their user agents (aka browsers).

It is nice to know that organizations such as CABForum are actively working on making browsing secure, via the new concept of Extended Validation Certificates.
CAB Forum - http://www.cabforum.org/

This is how it looks in Opera, as shown by Yngve Pettersen, Opera Security Czar.
EV in Opera

Recently, on the personal insistence of Yngve, I downloaded Opera. I was quite impressed by the security indicators displayed for sites with SSL enabled. It even read my Firefox bookmarks.

Yngve has also totally disabled SSLv2.0 from Opera 9.0 onwards.
SSL v2 Disabled

The Anti-Phishing Working Group (APWG) recently held an eCrime summit in Pittsburgh.
APWG

Why am I talking about all this? This is because I am one of the editors on a W3C Security Recommendation (in progress).
W3C Security Context

As the citizens of the online world, it is our responsibility to take precautions as well as force companies to be more secure in their offerings.

I have learned my lessons. I hope that you do not have to. :)

Take care when you get those emails or see lousy pop-up windows on web sites.

If you are looking for a free browser that is high on security, look no further than Mozilla Firefox.

