WebApp Sec mailing list archives

Anti-Phishing, why it doesn't work


From: Joseph Miller <joseph () tidetamerboatlifts com>
Date: Mon, 24 Jan 2005 11:34:48 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We all know that the number one reason why Anti-Phishing mechanisms do not
work is because of dumb users.  But there are other reasons why many
mechanisms may fail.  IMHO, the computer display is another major culprit.
If I can gain access to a person's display (via email software
vulnerabilities, specially formed HTML pages, etc), I can pretty much make it
look like anything I want to.  I can make it look as though a web page is
through a secure connection with images and I can also create a false address
bar with images.  And currently, there is nothing really that you can do
about it unless you make all of your users press Ctrl+Alt+Del to access a
secure website.

But what about next-generation displays?  The problem with
current displays is that they are all flat, two dimensional, and one
component can be mistaken for another.  But a 3D monitor could overcome this
problem.  Operating systems could allocate a "secure depth", a level of a 3D
screen where all operations are secured, and it is safe to access secure
websites and the like.  Sharp already has a monitor out that will do this:

http://www.sharpsystems.com/products/lcd_monitors/15-17_inch/ll-151-3d/

If you don't mind paying $1500 for a 15" 3D monitor, this is the choice for
you (not to mention the added cost of redeveloping operating system desktops
for secure applications).  But this is kind of a phun idea to kick around.
3D monitors haven't even begun to see their potential, but maybe we'll see
something interesting in the next 5-10 years.

- -Joseph Miller
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9SOrmXZROF+EADURAqQ8AJ9xSG2hGnEyVL/PBnQ59B/SscRtDACeIb6X
ab6TEmlT7lH8looKBahhDR4=
=co/J
-----END PGP SIGNATURE-----
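The spoof described in the post above, as an added example that is not part of the original message: an ordinary HTML page that paints its own "address bar" and padlock inside the content area, which is exactly the region of the screen a page controls. The hostname shown in the painted bar is made up, the form submits nowhere, and the openChromeless() helper is a hypothetical name for the 2005-era popup trick the post alludes to.

```html
<!DOCTYPE html>
<!-- Added example, not from the original post. Everything below the real
     browser chrome is attacker-controlled pixels: the bar, the lock and the
     URL text here are page content, not browser indicators. -->
<html>
<head>
<meta charset="utf-8">
<title>Spoofed chrome demo</title>
<style>
  body { margin: 0; font-family: sans-serif; }
  /* The "address bar" is only a styled div pinned to the top of the viewport. */
  #fakebar { background: #e8e8e8; border-bottom: 1px solid #999;
             padding: 4px 8px; display: flex; align-items: center; gap: 6px; }
  #fakeurl { flex: 1; background: #fff; border: 1px solid #7a7a7a;
             padding: 2px 6px; font-size: 13px; }
  #fakelock { width: 14px; height: 14px; }
  #content { padding: 2em; }
</style>
</head>
<body>
<div id="fakebar">
  <!-- The padlock is an inline image drawn by the page, not a TLS indicator. -->
  <svg id="fakelock" viewBox="0 0 16 16" aria-hidden="true">
    <path d="M4 7V5a4 4 0 0 1 8 0v2h1v8H3V7h1zm2 0h4V5a2 2 0 0 0-4 0v2z" fill="#2a7"/>
  </svg>
  <!-- Constructed hostname; the page is not actually served from here. -->
  <span id="fakeurl">https://www.example-bank.test/login</span>
</div>
<div id="content">
  <h1>Sign in</h1>
  <form action="#" onsubmit="return false">
    <label>User <input name="u"></label>
    <label>Password <input name="p" type="password"></label>
    <button>Sign in</button>
  </form>
</div>
<script>
  // Hypothetical helper for the 2005-era variant: open the page in a popup
  // with the real toolbar and location bar hidden, so the painted bar is the
  // only bar the victim sees. Current Firefox and Chrome keep the real
  // location bar visible in popups regardless of these flags, which is the
  // browser-side countermeasure to this exact trick. Not called automatically
  // here (popup blockers would suppress it anyway).
  function openChromeless(url) {
    return window.open(url, "login",
      "width=640,height=480,toolbar=no,location=no,menubar=no,status=no");
  }

  // The only trustworthy value a page can surface is location.href, and a
  // victim has no way to tell that from painted text. The point of the post
  // stands: an indicator has to live outside the area a page can draw in,
  // or be reached through a trusted path such as a secure attention key.
  console.log("real location:", location.href);
</script>
</body>
</html>
```

To see the spoof, save the file locally and open it; the painted bar reads as a bank URL while the browser's own location bar shows a file: URL. Everything a user could compare against is in the real chrome, which is why browsers stopped letting pages hide it.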
