Anti-phishing

Ok, just read a rant about how to prevent people spoofing website:
http://www.advogato.org/person/ssp/diary.html?start=11

Clearly what needs to happen is not putting up giant big warnings but simply changing how the address bar is displayed. The address bar can contain so many different elements that you can trick someone into thinking they are at their own banks website. If the URL display was simplified you could remove this problem.

The address bar should only display the root domain ( .com, .co.uk) and the domain name (google). When you click on it you should get the full URL. Do people care that there is a query string? Do people care that the site is www?

Your only problem then would be people that cannot read phishing domains that are miss-typed, i.e. gooogle.com

Also doing the right thing and reversing the order of the domain would help a lot. Having http://com.google/ would make you realise that its the com part that is most significant. Problem is that we are too far into a mindset that nobody would dare change that.

Popular posts from this blog

Windows Server and the Task Scheduler Error Code 0x3

The living wage failure

IDE's and speed