.Safe Didn't Catch On, So Now Company Proposes .Bank To Stop Phishing
from the if-at-first-you-don't-succeed-in-trying-to-get-a-new-TLD,-try-try-again dept
Last month, security firm F-Secure proposed the creation of a ".safe" TLD as a way to protect financial institutions and consumers from phishing attacks. The basic idea was that the TLD would connote safety, allowing consumers to use a website without worrying about being on a spoof site. Of course, this is an obviously flawed idea, since it would only work (in theory) if every financial institution shelled out for the domain, while even then, phishers would find ways to dupe people into going to phony sites. Apparently that idea didn't go over too well, so now the company is promoting the same thing, except this time it's ".bank" as opposed to ".safe". The key, according to the company's chief Mikko Hypponen, is to make the TLD cost $50,000, so that only legitimate institutions would bother to register one. Again, this runs into the exact same problems. Phishers would find still find ways of duping people into going to the wrong site, while the $50,000 price tag would deter many banks, particularly small banks and credit unions. Not surprisingly, many security experts are roundly trashing the idea for being ineffective. Obviously, phishing remains a problem, but the idea that it can be solved with a new TLD represents a failure to understand the problem, which is not exactly inspiring from the head of a security firm.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
de de dee
[ link to this | view in chronology ]
Opposed to Large Fee
How about .bank is only available to real honest financial institutions?
Pay me $200K/year and I will vet the "banks" who apply.
Let's see, the one from BofA should take about 5 minutes. That will leave me plenty of time to check out "Very Honest Russian Mafia Bank, Not Really".
Or, maybe we could create a website: "Real Bank or Not?". We will model after "Hot or Not?".
Or, I will do the vetting for only $5K/bank and get rich. Rich I tell you. Rich.
[ link to this | view in chronology ]
... just as effective
Or just use the 'evil bit' defined as in RFC3514?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
How about we lynch a few phishers
[ link to this | view in chronology ]
"natural justice"
The real problem is the idiots that can't take a few minutes to learn about basic security, a few minutes to install AVG, stop to think if their bank would really email them asking to confirm their details, etc, etc.
And the solution is a hefty self-administered fine for stupidity. Phishers just took your life savings? Too bad. Learn from it. Be smarter next time. Problem solved.
[ link to this | view in chronology ]
Two words
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Education
A ".safe" domain name will do absolutely no good if people still don't realize that a URL of "23.432.32.122/boa/cgi-bin/account.jsp" is not the real Bank of America site.
[ link to this | view in chronology ]