123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

Technical Tips To Prevent Phishing

Profile Picture
By Author: orentdorell
Total Articles: 17
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Many anti-phishing browsers have been implemented till date and some of them include embedding features in browsers, as extensions or toolbars in browsers, and as part of website login procedures. Most websites that are targeted for phishing are secure, meaning that SSL with strong cryptography is used for server authentication. In principle, it should be possible to confirm the site using the SSL authentication, but in practice, it is easy to deceive the user.


The superficial flaw in the browser’s security User Interface (UI) is that it is insufficient to deal with today’s strong threats. There are 3 parts for secure authentication: first,indication that the connection is in authenticated mode,second, the site which the user is connected to and third,which authority says it is the site that it claims to be.


Secure Connection: The user easily misses the padlock that was the standard display for secure browsing from the mid-1990s to mid 2000s. Mozilla featured a yellow URL bar in 2005 as a better indication that the connection is secure. However, unfortunately, this innovation was ...
... then reversed due to the EV Certificates, which replaced high value certificates with a green display and the rest with a white display.


Which Site: The user is expected to be sure that the domain name in the browser’s URL bar is in fact where they wanted to go. URLs can be too complex to be parsed and users often do not know or recognize the URL they intend to go making authentication meaningless. Many e-commerce sites will change the domain names within the overall set of websites making it harder for the user to trace himself. Also simply displaying the domain name of the visited website as some anti-phishing toolbars do is insufficient.


Firefox offers an alternative - A pet name extension which lets users type in their own labels for websites that they can recognize when they later return to the website. In addition, if the site is not recognized then the software warns the user or detects it outright. This symbolizes the user-centric identity management of the server. A graphical image selected by a user could be a better identification.

With the introduction of EV Certificates, browsers display the organization’s name in green making it more visible ad hopefully more consistent with the user’s expectations. But then the browser vendors have limited this display to only EV Certificates, leaving the user groping in the dark for other certificates.


Who is the Authority As far as the user is concerned, the browser is the authority at the simplest level since no authority is stated at this stage. The current practice is for the browser vendors to control a root list of acceptable Cas. The problem is that all Certification Authorities (CAs) employ neither good nor applicable checking. In addition, neither do all CA s subscribe to the same model and concept that certificates are only about authenticating web sites or e-commerce organizations. Certificate Manufacturing is the term given to low value certificates that are delivered on a credit card and an email confirmation, which can be easily perverted by fraudsters. Thus, a valid certificate issued by another CA may spoof a high value site. This could happen because the CA is in another part of the world and it is unfamiliar with high value e-commerce sites. Nevertheless, since the CA is charged with protecting its own customers and not the customers of another CA there is an inherent flaw in this model.


The solution to the above problem is that the browser should show and the user must be familiar with the name of the authority that issues the certificate. This projects that the CA as a brand and allows the user to come in contact with the handful of CAs in their country. The use of brand provides the CA with an incentive to improve their checking and the user would demand good checking for high value sites.


This solution was put into action in early versions of IE7 when displaying EV Certificates where the issuing CA was displayed. Nevertheless, this turns out to be an isolated case. There is resistance for branding CAs on the chrome resulting in a fallback to the simplest level above: the browser is the user’s authority.


Knowledge-4-success.com is a website mainly dedicated to small businesses. It offers small business owners a wide range of insightful and informative articles covering various topics on business planning, books to read, self-development, technology, marketing and many more that could help small businesses survive and succeed in today's competitive world.

Total Views: 354Word Count: 752See All articles From Author

Add Comment

Computers Articles

1. Why Property Rental Management Software Is A Smart Investment In 2024?
Author: RentAAA

2. A Learner's Guide To Neuro Linguistic Programming In Machine Learning (ml)
Author: Ben Gross

3. How Pwa Development Helps Businesses Stay Ahead In The Digital Era
Author: Elite_m_commerce

4. Challenges Of Mobile App Development
Author: Bezos

5. Benefits Of Custom Sofware Development
Author: other

6. How Does Cloud Computing And Advisory Services Help Businesses?
Author: other

7. Amazing Examples Of Php Web Development
Author: Amazing Examples Of PHP Web Development

8. Vr App Development Cost To Build Own Application
Author: goodcoders

9. Web 3.0: The Decentralized Internet Of Future
Author: goodcoders

10. Ways To Leverage Smart It Solutions For Your Retail Business
Author: goodcoders

11. Why Your Institution Needs A Scholarship Management Software
Author: Brenda Joyce

12. The Future Of Digital Solutions: Adopting Progressive Web App Development
Author: Elite_m_commerce

13. Web Design And Development Full Service Agency
Author: Web Design And Development Full Service Agency

14. Data Analytics: Turning Raw Data Into Actionable Insights
Author: John Mathew

15. Python Full Stack Development: Bridging The Frontend And Backend
Author: John Mathew

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: