ALL >> Computers >> View Article
Technical Tips To Prevent Phishing
Total Articles: 17
Many anti-phishing browsers have been implemented till date and some of them include embedding features in browsers, as extensions or toolbars in browsers, and as part of website login procedures. Most websites that are targeted for phishing are secure, meaning that SSL with strong cryptography is used for server authentication. In principle, it should be possible to confirm the site using the SSL authentication, but in practice, it is easy to deceive the user.
The superficial flaw in the browser’s security User Interface (UI) is that it is insufficient to deal with today’s strong threats. There are 3 parts for secure authentication: first,indication that the connection is in authenticated mode,second, the site which the user is connected to and third,which authority says it is the site that it claims to be.
Secure Connection: The user easily misses the padlock that was the standard display for secure browsing from the mid-1990s to mid 2000s. Mozilla featured a yellow URL bar in 2005 as a better indication that the connection is secure. However, unfortunately, this innovation was then reversed due to the EV Certificates, which replaced high value certificates with a green display and the rest with a white display.
Which Site: The user is expected to be sure that the domain name in the browser’s URL bar is in fact where they wanted to go. URLs can be too complex to be parsed and users often do not know or recognize the URL they intend to go making authentication meaningless. Many e-commerce sites will change the domain names within the overall set of websites making it harder for the user to trace himself. Also simply displaying the domain name of the visited website as some anti-phishing toolbars do is insufficient.
Firefox offers an alternative - A pet name extension which lets users type in their own labels for websites that they can recognize when they later return to the website. In addition, if the site is not recognized then the software warns the user or detects it outright. This symbolizes the user-centric identity management of the server. A graphical image selected by a user could be a better identification.
With the introduction of EV Certificates, browsers display the organization’s name in green making it more visible ad hopefully more consistent with the user’s expectations. But then the browser vendors have limited this display to only EV Certificates, leaving the user groping in the dark for other certificates.
Who is the Authority As far as the user is concerned, the browser is the authority at the simplest level since no authority is stated at this stage. The current practice is for the browser vendors to control a root list of acceptable Cas. The problem is that all Certification Authorities (CAs) employ neither good nor applicable checking. In addition, neither do all CA s subscribe to the same model and concept that certificates are only about authenticating web sites or e-commerce organizations. Certificate Manufacturing is the term given to low value certificates that are delivered on a credit card and an email confirmation, which can be easily perverted by fraudsters. Thus, a valid certificate issued by another CA may spoof a high value site. This could happen because the CA is in another part of the world and it is unfamiliar with high value e-commerce sites. Nevertheless, since the CA is charged with protecting its own customers and not the customers of another CA there is an inherent flaw in this model.
The solution to the above problem is that the browser should show and the user must be familiar with the name of the authority that issues the certificate. This projects that the CA as a brand and allows the user to come in contact with the handful of CAs in their country. The use of brand provides the CA with an incentive to improve their checking and the user would demand good checking for high value sites.
This solution was put into action in early versions of IE7 when displaying EV Certificates where the issuing CA was displayed. Nevertheless, this turns out to be an isolated case. There is resistance for branding CAs on the chrome resulting in a fallback to the simplest level above: the browser is the user’s authority.
Knowledge-4-success.com is a website mainly dedicated to small businesses. It offers small business owners a wide range of insightful and informative articles covering various topics on business planning, books to read, self-development, technology, marketing and many more that could help small businesses survive and succeed in today's competitive world.
Computers Articles1. Here How You Resolve Your Email Related Problem On Your Android Device
Author: ADV Software
2. Microsoft Windows Troubleshooting “access Denied” Issue
Author: Minerva Livia
3. The Computer Repair Service Milwaukee Offer Best Services Within Affordable Price
4. Contact Hard Drive Data Recovery Milwaukee To Restore Data From Failed Hard Drives
5. How To Treat An Infected Computer Remotely?
Author: online pc support
6. When To Call Hotmail Customer Care Number
Author: Adv Software
7. Stay Connected To The Comcast Xfinity Internet By Resolving Common Issues
Author: Jasper Arran
8. Resolve Problems Of Canon And Brother Printers
Author: adv software
9. Want To Resolve Hp Printer Most Common Issue—have A Look On Hp Support Tips And Tricks
Author: Lewis Kathy
10. Manual Testing Training Online
Author: Mind Q Systems
11. It Services In West Boxford
Author: IT Services In West Boxford
12. Professional Script Design Services Can Make A Difference To Your Business Online
13. Troubleshoot The Most Common Technical Issues In Windows 10 By Contacting Windows Technicians
Author: Philippa Pippa
14. Mac Os X Mountain Lion Ensures The Utmost Protection Against Malware Program
Author: Barack Taye
15. How To Get Best Email Technical Support?