Re: Phishing a thing of the past

[Nick FitzGerald <nick () virus-l demon co uk>]

Hubbard, Dan wrote:

<<snip>>
> Looks like in 18 months the web is safe again. By then Vista will be
> widely adopted and we will not have malicious code, client exploits, or
> fraud either.

Implicit smiley noted...

But really, what do we think is more likely -- the above scenario, or 
one where "bamboozled" parents (i.e. those that need the most help) 
have left setting up their machines to their kids (who we all know 
"just get these new-fangled computer things") who have become totally 
blase (if, in fact, they were anything else anyway) about entering the 
admin-privileges raising password to everything that asks for it?

True, by then phishing (as we know it today -- well, until a few months 
back) will be a thing of the past, but in the alternate future I 
suggest, phishing will have evolved into on-machine/in-browser hi-
jackings (as we are already seeing a little of), more key-logging, 
screen-scraping, etc (through those "you need this driver to see all 
the content on this site" spoofs and so on, SE'ing folk into entering 
that admin password), and so on...

Protecting GP computers from users that don't want to be protected, or 
at least, don't want to make the effort to understand enough to know 
what "security" means, _AND WHO_ we give admin (elevating) rights to is 
a pointless task.


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.