Security through kittens, was Solving password problems

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Feb 26 01:34:35 EST 2009


"James A. Donald" <jamesd at echeque.com> writes:

>The interesting thing is that it and similar phishes do not seem to have been
>all that successful - few people seemed to notice at all, the general
>reaction being to simply hit the spam key reflexively, much as people click
>away popup warnings reflexively, and are unaware that there ever was a popup.
>
>Why the attack resistance?  I conjecture that:
>
>1. User normally enters his password in an environment that looks nothing
>   like a web page, so being asked to do so in a web page automatically makes
>   him suspicious - it is a deviation from normal workflow
>
>2.  Blizzard never communicates by email, so receiving email from Blizzard
>    automatically makes the user suspicious.

You'd really need to perform a controlled experiment to see which factors
actually affect this.  For example, another factor could be that the gamer
demographic is more aware of phishing than Joe Sixpack and therefore less
likely to become a target.  Or that they're more interested in gaming than
account management and just ignore the message.  It'd be interesting to see
what the contributing factors are (although if it's "more interested in gaming
than account management" then it doesn't translate to other areas much).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


