Phishing Fears
Doug Caverly Staff Writer
2006-06-28
If Rachna Dhamija is right, the problem of phishing is a dangerous one. What's more, Dhamija believes it may become worse, and that the current approach to solving it won't do. Dhamija is a co-author of the paper "Why Phishing Works," and the creator of Dynamic Security Skins.
In an interview with Federico Biancuzzi of SecurityFocus, Dhamija discussed phishing in general, and her paper in particular. One of her most disturbing points: "We found that the best phishing website fooled 90% of participants." They also "discovered that existing security cues are ineffective."
When asked if we could "solve the problem just working on one level, either human or technological," Dhamija responded in the negative.
"I think the solution to phishing will require advances on both levels," she continued. "However, our study suggests that a different approach is needed in the design of security systems. Rather than approaching the problem solely from a traditional cryptography-based framework (what can we secure?), we have to take into account what humans do well and what they do not do well."
As for what the future may hold, Dhamija believes Ajax and JavaScript, two increasingly popular tools, "definitely allow attackers to create better attacks. They make it possible to simulate every element of a web browser. However, Ajax also allows more interesting web applications and security interfaces to be developed. Instead of blaming specific development techniques, I think we need to change our design philosophy."
Dhamija is doing her bit to solve the problem. "I'm working on other techniques to prevent phishing in conjunction with security skins," she said, and "we have started development of an extension that can be released to the public." With credentials like hers, that's definitely good news.
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.