Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Re: site-specific sidebars/toolbars

0 views

Skip to first unread message

Edward Lee

unread,

May 15, 2007, 1:44:19 PM5/15/07

Relating to sidebars, "Web Wallet: Preventing Phishing Attacks by
Revealing User Intensions" [1] makes use of a sidebar which acts like a
"proxy" that fills in login information instead of the user while
providing a negative feedback if the user is potentially doing something
unsafe.

They found that Web Wallet does help prevent normal phishing attacks;
unfortunately, a website with a fake Web Wallet interface had relatively
high spoof rates. So site-specific sidebars potentially would make it
easier to create these spoofs; however, they can also provide a lot more
functionality for the website and users.

[1] http://groups.csail.mit.edu/uid/projects/phishing/soups-webwallet.pdf

Myk Melez

unread,

May 15, 2007, 5:00:40 PM5/15/07

to Edward Lee

Edward Lee wrote:
> They found that Web Wallet does help prevent normal phishing attacks;
> unfortunately, a website with a fake Web Wallet interface had relatively
> high spoof rates. So site-specific sidebars potentially would make it
> easier to create these spoofs; however, they can also provide a lot more
> functionality for the website and users.

Hi Ed,

Thanks for the reference. You make an excellent point. We should make
sure that whatever we do to enable site-specific sidebars draws a
distinction between sidebars with chrome privileges and those that
belong to content. And we should make sure to do that with other
content-influenced chrome as well (f.e. the unified UI for logging into
sites).

-myk

0 new messages