James A. Donald [EMAIL PROTECTED] writes:
2. Html encourages legitimate businesses to use complicated and obfuscated
actual targets for their urls, indistinguishable from those used by phishers.
I think a more general extension of this is HTML allows the use of
arbitrarily sophisticated
In one environment I worked in, it was important that people know what
kind of data they were looking at. The way they solved it was to put a
green colored border and label on one kind of data, and a red border and
different label on another kind of data. This reduces usable screen area
a bit,
James A. Donald wrote:
--
One needs to differentiate dialogs brought up from within the browser
client, which are trustworthy unless one is infected with malware,
from popups brought up by some other web page. (Of course if popups
are disabled except for specific sites, this is
That is a nice trick, but that still may not work entirely: if i make sure
my untrusted app always opens in maximized mode, the untrusted decoration (in
your case a big black border which actually _disappears_) may be unnoticed
along the edges of the screen; if my app then simulates the whole
This is concept is surprisingly complex. Once the attacker sees the
secure dialog, what prevents them from using the same techniques
and/or code to create a visually identical spoof? There have been
several OS-level designs to create hardware-supported secure dialogs.
Needless to say, these