Not The Browser!
Kim correctly observes that the browser is not the place to be typing your password. Indeed. I should have mentioned that.
Clearly any mechanism that can be imitated by a web page is dead in the water. Kim also wants to rule out plugins, I take it, given his earlier reference to toolbar problems. I’m OK with that. We want something that only a highly trusted program can do. That’s been so central to my thinking on this I forgot to mention it. Sorry.
[…] Ben Laurie bookends our dialogĀ (work back from here) with a really clear statement: Kim correctly observes that the browser is not […]
Pingback by IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer — 26 Feb 2008 @ 21:50
I can’t even leave a comment on Kim’s site, because I get some unhelpful error message about ID card not supplied. He writes like a patronizing Sunday tabloid, I’m surprised you take any notice.
Comment by Mick — 26 Feb 2008 @ 23:05
[…] the topic of phishing, identity expert Ben Laurie says “any mechanism that can be imitated by a web page is dead in the water“. The keyword is imitation. Does the Shaker List eliminate the ability to imitate? […]
Pingback by The Espionage » Blog Archive » A Captcha Code For Spyware — 2 Apr 2008 @ 21:07