[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?

Bill Cox waywardgeek at gmail.com
Wed Feb 8 03:55:06 EST 2017


On Wed, Feb 8, 2017 at 12:39 AM, Bill Cox <waywardgeek at gmail.com> wrote:

>
> I think a tool like that could be built as a browser plugin, and it could
> use some simple heuristics like Chrome does when it saves your passwords to
> figure out when a user is on a login page.
>

Well... I think I figured out why that won't work well.  If the browser
displays the same thing for every site, as some sort of side-bar or
something, then phishers can convince the browser to show it on their
phishing site, and only a slight difference in the URL will alert the user
about the attack.

So, I guess you can't let the phisher convince the browser to show it,
which means it can only be shown for specifically trusted sites, such as
your work-related login pages.
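
One way to implement the "only for specifically trusted sites" rule from the message above, as an added example that is not part of the original post. The function names and the allowlisted origins are hypothetical and constructed for illustration; the point is that the decision is an exact origin match made by the browser side, so nothing the page supplies can turn the indicator on.

```javascript
// Constructed allowlist: origins the user (or their employer) explicitly enrolled.
// Placeholder hosts under the reserved .test TLD.
const TRUSTED_ORIGINS = new Set([
  "https://login.example-corp.test",
  "https://sso.example-corp.test",
]);

// Decide whether the trusted-login indicator may be shown for a page URL.
// Only an exact scheme + host + port match counts. No substring, prefix,
// suffix or "looks similar" matching, since those are what a lookalike URL defeats.
function shouldShowIndicator(pageUrl, trusted = TRUSTED_ORIGINS) {
  let url;
  try {
    url = new URL(pageUrl); // normalizes host case and default port
  } catch (e) {
    return false; // unparseable input never gets the indicator
  }
  if (url.protocol !== "https:") return false; // no indicator without TLS
  return trusted.has(url.origin);
}

// Constructed sample URLs: one enrolled page and several near misses.
const SAMPLES = [
  "https://login.example-corp.test/signin?next=/",     // enrolled
  "https://LOGIN.example-corp.test:443/signin",        // same origin after normalization
  "https://login.example-corp.test.evil.test/signin",  // trusted name as a subdomain label
  "https://login.example-corp.test@evil.test/signin",  // trusted name in userinfo
  "https://login.examp1e-corp.test/signin",            // one-character difference
  "http://login.example-corp.test/signin",             // right host, no TLS
];

// Return the decision for each sample so the result can be inspected or tested.
function evaluateSamples(samples = SAMPLES) {
  return samples.map((u) => ({ url: u, show: shouldShowIndicator(u) }));
}

for (const { url, show } of evaluateSamples()) {
  console.log(show ? "SHOW" : "HIDE", url);
}
```
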