Technology news and Jobs 
VIRTUALISATION Can you sniff out a rotten phish?
VIRTUALISATION Can you sniff out a rotten phish? | Can you sniff out a rotten phish? |
|
| by Stuart Corner | |
| Monday, 29 June 2009 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
However it is questionable just how valid the survey results are. The survey was undertaken not using genuine phishing sites (excuse the oxymoron) but 'phishy' and 'real' versions of web sites concocted by VeriSign for the purpose. And if you reckon you've got a good nose for smelly fish, you can see them for yourself and undertake the survey at (www.phish-no-phish.com ). If you're reading this in iTWire' home country of Australia, the US or the UK, you might be able to lift these nations' abysmal rankings in the survey. According to VeriSign it "showed that Australians were one of the most vulnerable nations, alongside the United Kingdom and United States, whilst the residents of Germany and Sweden are the savviest in protecting their identities and personal details." VeriSign offers a number of helpful suggestions on how to spot a phishy web site: - https:// "The 's' in https:// means the site is encrypted, so the information you enter is secured. While some phishing sites do have a secured Web address, many do not. Therefore, site visitors should be on the lookout for missing security on sites that should have it." - The padlock icon: "To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself." - Trust marks: "Simple visual cues in the form of popular logos can show that a Web site is authenticated, secured, and the company is reputable." - Check the Web address: "Be suspicious of any site with an unknown domain that contains the name of a well known site in the latter part of the Web address." - Green address bar: "This signifies that this site has undergone extensive identity authentication so that you can be confident it is the site it claims to be." And this is the real reason for the survey: VeriSign is trying to promote the Extended Validation (EV) standard for SSL Certificates which works with the latest browsers to turn the address bar green when an EV site is accessed. "Security vendors and Internet browsers have joined forces to establish the Extended Validation (EV) standard for SSL Certificates," VeriSign says. "With this technology, the browser and the certificate authority control the display, making it difficult for phishers and counterfeiters to hijack a brand and its customers." According to Armando Dacal, director, authentication services, VeriSign Asia Pacific, " "By adopting Extended Validation SSL Certificates, a site owner makes it easy for a shopper to see that the site they are on is genuine. When a Web user visits a site secured in this way, a high-security browser will trigger the address bar to turn green. For additional clarity, the name of the organisation listed in the certificate as well as the certificate's security vendor is also displayed." VeriSign told iTWire that it had started issuing EV certificates in September 2007 and to date has sold about 10,000. "EV SSL has been chosen by leaders in online banking and financial services (eg Visa), online retail (eg eBay, Big Brown Box), travel (eg British Airways, JetBlue), as well as healthcare, taxes, and more. Installed browser bases that support EV SSL include Internet Explorer 7, Firefox 3, Safari for Macs, Google Chrome and Opera 9.5." With us all so vulnerable to phishing and with such a deluge of spam emails trying to lure us to fake web sites, perhaps there needs to be wider adoption and greater promotion of this technology.
This article first appeared in ExchangeDaily, iTWire's daily newsletter for telecommunications professionals. Register here for your free trial.
 |
Tags
| < Next story in category | Previous story in the category > |
|---|
