Ben Laurie blathering

Making No Sense

Paul Madsen wants to continue to beat this dead horse. OK.

unphishable : impossible to phish, see phish.
phish: a fraudulent attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication

This more inclusive definition does not guarantee (for some mechanisms, this would be the case) that there will be nothing on the authentication server that could be used by a insider to impersonate the user elsewhere. And so, this type of unphishable does not inevitably mean that it is appropriate to use the same credential everywhere.

It seems the plan here is to define certain ways of stealing your password as something other than phishing, and because I want to defend against them, I am therefore wrong. What a pointless argument!

OK, let’s call them unstealable instead of unphishable. Happy now?

1 Comment

  1. Yes thanks, ecstatic.



    Comment by Paul Madsen — 4 Dec 2008 @ 21:02

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress