[WEB SECURITY] what if phishing went away?

Brian Eaton eaton.lists at gmail.com
Tue Jul 25 20:46:37 EDT 2006

I've been mulling over one of RSnake's recent blog entries:


If browser-based antiphishing filters become widespread, will phishing
stop being profitable? Or will there be more clever phishing
techniques that evade the blacklists and the heuristics?  (How long
before the blacklists get DDOSed?)

And if the browser-based filters make phishing an uneconomical scam,
will that make technologies like passmark, dynamic security skins, and
transactional authentication obsolete?

It seems like blacklists have an important role to play, but they
won't do much to prevent small, targeted, phishing-style attacks.  I'd
like to see improvements in web authentication UIs regardless.  I
could imagine a scenario where the major phishing attacks stop being
an issue because of blacklists.  At that point, a lot of the economic
incentive for improving web site authentication via other technologies
would vanish.

Admittedly, a world where phishing is too minor a problem to worry
about would be a nice problem to have.


