nanog mailing list archives
Re: Dear RIPE: Please don't encourage phishing
From: Jay Ashworth <jra () baylink com>
Date: Fri, 10 Feb 2012 13:00:10 -0500 (EST)
----- Original Message -----
From: "William Herrin" <bill () herrin us>
Big problem with clickable objects which lead to PII (personally identifiable information) or passwords. That's how phishing works -- a disguised url that you either see at all or whose incorrect nature slips right past your brain. The only known working solution is to train folks to *never* click security-related URLs in email. Copy and paste only, and only if they're readable and read right.
And right there, Bill, is the part we so rarely understand, and it kills us: Even lots of *technical* people just don't understand what "a security- related URL" *is*, and there's almost always no way to teach them. So it's necessary to throw the baby out with the bathwater, and tell them never to click on a link... MUA's that support HTML at all, much less they fail to tell the user when a text URL doesn't match the actual link, are the underlying culprits here... Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Current thread:
- Re: Dear RIPE: Please don't encourage phishing, (continued)
- Re: Dear RIPE: Please don't encourage phishing Valdis . Kletnieks (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing -Hammer- (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Randy Bush (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Steven Bellovin (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Rich Kulawiec (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Jeff Kell (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Steven Bellovin (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Jay Ashworth (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Måns Nilsson (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Jay Ashworth (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing William Herrin (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Jay Ashworth (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Landon Stewart (Feb 10)