123ArticleOnline Logo
Welcome to 123ArticleOnline.com!

ALL » Computers >> View Article

Technical Tips To Prevent Phishing

By Expert Author: orentdorell

Many anti-phishing browsers have been implemented till date and some of them include embedding features in browsers, as extensions or toolbars in browsers, and as part of website login procedures. Most websites that are targeted for phishing are secure, meaning that SSL with strong cryptography is used for server authentication. In principle, it should be possible to confirm the site using the SSL authentication, but in practice, it is easy to deceive the user.

The superficial flaw in the browser’s security User Interface (UI) is that it is insufficient to deal with today’s strong threats. There are 3 parts for secure authentication: first,indication that the connection is in authenticated mode,second, the site which the user is connected to and third,which authority says it is the site that it claims to be.

Secure Connection: The user easily misses the padlock that was the standard display for secure browsing from the mid-1990s to mid 2000s. Mozilla featured a yellow URL bar in 2005 as a better indication that the connection is secure. However, unfortunately, this innovation was then reversed due to the EV Certificates, which replaced high value certificates with a green display and the rest with a white display.

Which Site: The user is expected to be sure that the domain name in the browser’s URL bar is in fact where they wanted to go. URLs can be too complex to be parsed and users often do not know or recognize the URL they intend to go making authentication meaningless. Many e-commerce sites will change the domain names within the overall set of websites making it harder for the user to trace himself. Also simply displaying the domain name of the visited website as some anti-phishing toolbars do is insufficient.

Firefox offers an alternative - A pet name extension which lets users type in their own labels for websites that they can recognize when they later return to the website. In addition, if the site is not recognized then the software warns the user or detects it outright. This symbolizes the user-centric identity management of the server. A graphical image selected by a user could be a better identification.

With the introduction of EV Certificates, browsers display the organization’s name in green making it more visible ad hopefully more consistent with the user’s expectations. But then the browser vendors have limited this display to only EV Certificates, leaving the user groping in the dark for other certificates.

Who is the Authority As far as the user is concerned, the browser is the authority at the simplest level since no authority is stated at this stage. The current practice is for the browser vendors to control a root list of acceptable Cas. The problem is that all Certification Authorities (CAs) employ neither good nor applicable checking. In addition, neither do all CA s subscribe to the same model and concept that certificates are only about authenticating web sites or e-commerce organizations. Certificate Manufacturing is the term given to low value certificates that are delivered on a credit card and an email confirmation, which can be easily perverted by fraudsters. Thus, a valid certificate issued by another CA may spoof a high value site. This could happen because the CA is in another part of the world and it is unfamiliar with high value e-commerce sites. Nevertheless, since the CA is charged with protecting its own customers and not the customers of another CA there is an inherent flaw in this model.

The solution to the above problem is that the browser should show and the user must be familiar with the name of the authority that issues the certificate. This projects that the CA as a brand and allows the user to come in contact with the handful of CAs in their country. The use of brand provides the CA with an incentive to improve their checking and the user would demand good checking for high value sites.

This solution was put into action in early versions of IE7 when displaying EV Certificates where the issuing CA was displayed. Nevertheless, this turns out to be an isolated case. There is resistance for branding CAs on the chrome resulting in a fallback to the simplest level above: the browser is the user’s authority.

Knowledge-4-success.com is a website mainly dedicated to small businesses. It offers small business owners a wide range of insightful and informative articles covering various topics on business planning, books to read, self-development, technology, marketing and many more that could help small businesses survive and succeed in today's competitive world.

Total Views : 73Word Count Appx. : 751See All articles From Author

Computers Articles

1. How To Set Up Quickbooks As A Nonprofit
Author: anniejackson

2. Easy Ways To Do Laptop Data Recovery In Perth
Author: Vikram Kumar

3. Mobile Phone Data Recovery – The Most Outstanding Lost Data Retriever
Author: Vikram Kumar

4. All About Flash Drive Data Recovery And Laptop Data Recovery Services In Perth
Author: Vikram Kumar

5. Hard Drive Data Recovery – The Most Effective Service In Sydney
Author: Vikram Kumar

6. Data Recovery – The Most Advanced And Trustworthy Support
Author: Vikram Kumar

7. 3 Common Mistakes That Can Damage Your Tablet Within A Year
Author: Alex Stylis

8. Most Common Windows 8 Issues And Possible Fixes.
Author: Alex Stylis

9. Most Common Windows 8 Issues And Possible Fixes
Author: Alex Stylis

10. Get Sage Cloud Accounting Software To Automate The Enterprise And Commerce
Author: Salina Smith

11. Benefits Of Using Sap For Your Business
Author: SAP Guru

12. Custom Business Software – Demands Of Mobile-based Solutions
Author: Kennedy Ruiz

13. Website Design And Development Company Web Development Company India
Author: programmersdesk

14. Sage 50 Cloud Accounting For Managing The Businesses Online And On Premise
Author: Salina Smith

15. Configure Yahoo Mail With Outlook
Author: Kathlen David

Login To Account
Login Email:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: