November 08, 2006
New Phish Finder
Today I came across an article at Security Fix describing what seems to me the most common-sense approach to countering what is quickly becoming one of the most malicious threats on the internet: phishing. Phishing uses a counterfeit website that tries to pass itself off as a well-known and legitimate site, usually to get access to your financial or credit card data. I actually almost fell for the scam once myself.
Where old solutions tried to track known phishers and their scams, this new approach goes to the very root of the problem: what about a browser that simply tells you whether the site you are at is who it says it is?
The new solution, originated by the CA/Browser Forum, involves the companies that sell and verify security certificates. Any company today can purchase an SSL (Secure Sockets Layer) certificate, which attempts to show that the website you are at takes its security seriously. But while clicking on the padlock icon that the browser shows for SSL-certified sites gives you information about the site you are at, most users simply don't know to do it, and many certificates are hard to make sense of. Also, SSL certificates can now be easily acquired by anyone, and the site-legitimizing process is largely automated and therefore easy to fool.
The CA/Browser Forum intends to create a “supercert” known as an “extended validation” SSL certificate, or EVSSL. EVSSLs would cost more money, but would also be more rigorously verified. And by working with the different internet browsers, the forum could develop a standardized and easy-to-see method of site identity verification.
You ask me, I say get it done yesterday.
Posted by pschooff in Better Protection • Phishing

Twenty-Four Seven Security