Latest Attempt To Catch Phishers May Make Life Difficult For Small Web Vendors
from the no-fun-at-all dept
It's no secret that there are a lot of scammers out there online, and trying to come up with ways to weed out who's legit and who's not has certainly been a growth industry lately. However, sometimes things get tricky. Microsoft is rolling out a new system in the latest version of Internet Explorer that aims to flag certain sites as being safe or unsafe, using much stricter verification rules that secure certificate vendors need to follow. Of course, these are also a lot more expensive, and the strict rules mean that a lot of smaller merchants may not make the cut or may not want to pay extra to get these certificates. It raises questions about whether or not it's fair for a company like Microsoft to put the burden on the sites themselves to go out and prove to a certificate vendor that they're legit (and willing to pay a lot more than a standard secure certificate) just to be considered safe. Obviously, it can help to cut out many questionable sites, but if it has plenty of false positives, harming perfectly legitimate vendors as well, that's hardly a good solution.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
sdrawkcab
Or maybe people should engage their brains instead of blindly clicking links and entering personal data-- and if they get scammed we can call it a 'stupidity fine' and sooner or later people will learn?
Bah Humbug. :)
[ link to this | view in chronology ]
Of course an adult recognises this as nonsense. In life we must afford all people respect by default and only withdraw that repect when it's proven they are unworthy.
Site certification is a scam. SSL works just fine with your own generated certificates and you don't need the say so of country club monopolists to speak for your good name. That is to taken for granted by all and sundry unless they are otherwise informed by way of proof that you are untrustworthy. And if that specific opinion is not backed the legitimacy of a court of law, then it is libelous/defamatory (or whatever the correct legal term may be in your part of the world.)
[ link to this | view in chronology ]
Story is not completely accurate
I filled out a form and within 1 hour they confirmed that they had removed the inaccurate phishing determination.
It didn't cost me a dime.
[ link to this | view in chronology ]
Re: So?
I think you would be better of to presrible to this adage made famous by Abraham Lincoln: "It is better to have one think you are a fool, than to open your mouth and remove all doubt." Same goes for using your computer keyboard to post a comment.
[ link to this | view in chronology ]
Re: Re: So?
[ link to this | view in chronology ]
MS Anti Phishing
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Microsoft and the USA
USA wants to spread democracy to every person on the planet (much like the pilgrims did when they slaughtered the Indians in an attempt to spread Chri$tendom)
Microsoft wants to spread their ideals on the world wide web.
Granted, MS has done some good things. But, they should not be taken too seriously.
People are sheep, and will be herded by the first dog bold enough to bark...no matter what size.
It angers me... people are stupid, they allow themselves to be led.
Can we blame the "leaders" for seeing an opportunity and taking advantage? I dont think so. Much like the 18 year old dude standing in line at Best Buy to buy a PS3 for $600, and then put it on eBay the next day, and sell it for $2,000... we cant blame him for taking advantage of an opportunity.
If you bitch about what MS (and the USA) are doing, you are just vocalizing the fact that you are indeed sheep.
Mafiosos have it right... they keep quiet, and smack loudly.
Note: Very few mafiosos punch, they'll smack you all around the room, but they wont punch. It's strategic. Think about it...
My advise to the sheep... keep quiet, and take action.
Don't want to pay for new certificates? Read a book on advanced programing best practices.
Don't want MS to rule the world? Get a Mac.
You have the power. You just need to know it, know how to use it, and have the ballz to execute.
Unfortunately... there are few who do. And fewer to get together to do it...
[ link to this | view in chronology ]
Re: Microsoft and the USA
no way,washing 1 stain by repainting the whole wall?
get PC, and stay on Linux :))
^^ way cheaper and way more secure....
[ link to this | view in chronology ]
Re: Microsoft and the USA
The best I can come up with (and I tried) is that you're saying when America sees what they think is a problem they go out and try to fix it-- even if it's a misguided attempt.
That being the case, I welcome you to try a different browser, like Firefox. Along the same lines, if you're in America and you don't like it-- feel free to exit my country.
I have to wonder if you were led to your mac (like I was, sheep-like, to my PC) or if you invented it.
[ link to this | view in chronology ]
Re: that guy
[ link to this | view in chronology ]
Missing the point
Sites are identified in 4 ways: Red (known phishing site), Yellow (suspected phishing site), White (normal) and Green (verified legitimate business). The only issue the new certificates have to do with is green vs. white. A small business site will not be flagged as a suspected phishing just because they don't have the extended certificate. There's a fair bit of uncertainty now, because some suspect that your typical consumer will only do business with "green" sites. That may be true, but those people are probably the ones who now only shop at Amazon, Target & Dell now anyways.
It's an oversimplification to characterize it as MS identifying sites as safe/unsafe. There are 4 levels, and if you were to present it as a dichotomy, it would make much more sense to group the "White" sites with the "Green" rather than the "Yellow" and "Red." Not getting an extended certificate won't be enough to make it "Yellow" or "Red," and characterizing it as a false positive if a legit site is "White" doesn't make a lot of sense. I recommend that folks read the linked articles, as Mike's summary and the stories' headlines do not give a good sense of the full story.
[ link to this | view in chronology ]
Simon, good point on Linux. Thanks for that.
The infamous Joe:
I wont expect everyone to understand everything... if you pretend to do so. I encourage you to cure Cancer and feed world hunger.
I appreciate your suggestion on FireFox, thank you. It's my browser of choice.
As for the USA being YOUR country. My friend, if it's yours, please remove YOUR young men and women from Iraq. If it is YOUR country, then please adjust oil prices to their respective levels. If it is YOUR country, then please reinstate the 3billion dollars that was removed from Public Education- in order to pay for YOUR war in Iraq. If it is YOUR country, please provide basic and equal health care to everyone of YOUR citizens...
If it is YOUR country, please wake up from that dismal fking sleep you are in. The one where you think you are the best in the world, and you have the god given right to do as you please in anyone's land, for any of your capricious whims...
Having been born and raised in this country, of parents where were born and raised in this country, whose parents, in turn, were born and raised in this country... i feel strongly about this country, yes. But that strength goes both ways: to the good and the bad.
Additionally, i've been to many other countries, and not just on vacation, either... It's opened my eyes.
You seem educated. Schedule a flight. Pick up a book, talk to some locals of places like Iran, Korea, Tokyo, Cuba. Speak to them about their upbringing. About their education systems. About their methodology for raising their young, their culture, their morals and their business ethic. You'll see there are some major differences in what YOUR country calls norm. But, again, i wont expect everyone to understand everything... let me repeat for the sake of emphasis.... If you do understand everything, then I encourage you to cure Cancer and feed world hunger.
oh, and, no sir, i was not led to my mac. In fact, i do not own one. I chose to run PC because that is where my personal choice has taken me.
To charlie potatoes,
... sigh... You have no clue what it means to be "alive". I'll just leave it at that.
Your buddy, the fellow American who gives a sh*t enough to call it out,
That Guy...
[ link to this | view in chronology ]
[ link to this | view in chronology ]