Hello David, On Wednesday 08 June 2005 14:44, L. David Baron wrote: > On Wednesday 2005-06-08 14:30 +0100, Ian G wrote: > > So here's the question: > > > > Who's dealing with phishing in Mozilla? > > > > Discussion below, ending in the question. > > > > On Tuesday 07 June 2005 03:11, Tyler Close wrote: > > > I've implemented the petname tool, an anti-phishing browser extension. > > > You can find it at: > > > > > > http://petname.mozdev.org/ > > > > > > this work on another security focused mailing list. Now how do I go > > > about getting the Mozilla Security Group to review this work and > > > incorporate it into the main Firefox UI? If noone has the time or > > Are these two questions intended to be synonymous? They aren't.
Please correct me if I'm wrong, but I'm assuming that you mean "who's dealing with phishing?" and "look at petnames?" They are both heading in the same direction, same subject area. > I'm > skeptical that something like petname would help the type of users who > are most likely to be phished, since I'd think they wouldn't figure out > how to use it in the first place. Is there good evidence to the > contrary? Petname hasn't to my knowledge any testing done in a proper sense on naive users. Trustbar has, and it shares the same roots in security theory. The results were positive, although the tests were done in small numbers. If testing were needed to go further then this would be a good point to consider. The most likely victim of phishing is someone who hasn't been phished before, and believes that the browser secures the entire process. Unfortunately I don't think there is a tool that copes with that for quite fundamental reasons. Bringing the user into the security model is one fairly obvious direction to protecting against phishing - are you suggesting you think this won't work? Or that petnames just sets too high an expectation of active involvement? iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
