Gervase Markham wrote: > fraudster needs to spend a disproportionate amount of time, money and > effort faking, spoofing or subverting all of the different data sources > used - such that they won't bother.
No, you hope they won't do it, but given enough incentive to move away from non-https sites, and domain validated sites, there is enough people caught by these scams to more then make it worth their while. You also indicated law enforcement agencies would hunt down and capture these perpetrators, which is another false assumption as most of the world has bigger problems then catching people stealing money from westerners. -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security