This might be a bit drastic. The sites that one would want to protect
against are https like paypal, banks, ebay and so forth. How about
having a white list of https sites? This way the attack would not work
unless it is included in one's white list. I would estimate that I go
to less than 20 sites via https regularily, so it should not be a big
deal to setup. It also might have other potential benefits for other
unknown phishing type attacks. I am assuming that folks know to look
for the https and/or closed padlock. Somebody that I know had their
yahoo email, ebay, paypal and other account hijacked had no clue about
https, so this might be a bad assumption.
Gervase Markham wrote:
After today's staff and drivers meetings, mozilla.org has decided on a
short-term course of action for dealing with the IDN/punycode problem.
http://weblogs.mozillazine.org/gerv/archives/007556.html
Gerv
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
