They found that Web Wallet does help prevent normal phishing attacks;
unfortunately, a website with a fake Web Wallet interface had relatively
high spoof rates. So site-specific sidebars potentially would make it
easier to create these spoofs; however, they can also provide a lot more
functionality for the website and users.

Ed

[1] http://groups.csail.mit.edu/uid/projects/phishing/soups-webwallet.pdf

Hi Ed,

Thanks for the reference. You make an excellent point. We should make
sure that whatever we do to enable site-specific sidebars draws a
distinction between sidebars with chrome privileges and those that
belong to content. And we should make sure to do that with other
content-influenced chrome as well (f.e. the unified UI for logging into
sites).

-myk