Links

Ben Laurie blathering

«
»

Not The Browser!

Kim correctly observes that the browser is not the place to be typing your password. Indeed. I should have mentioned that.

Clearly any mechanism that can be imitated by a web page is dead in the water. Kim also wants to rule out plugins, I take it, given his earlier reference to toolbar problems. I’m OK with that. We want something that only a highly trusted program can do. That’s been so central to my thinking on this I forgot to mention it. Sorry.

This entry was posted on Tuesday, February 26th, 2008 at 19:39 and is filed under Crypto, Identity Management, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

3 Comments

  1. […] Ben Laurie bookends our dialogĀ (work back from here) with a really clear statement: Kim correctly observes that the browser is not […]

    Pingback by IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer — 26 Feb 2008 @ 21:50

  2. I can’t even leave a comment on Kim’s site, because I get some unhelpful error message about ID card not supplied. He writes like a patronizing Sunday tabloid, I’m surprised you take any notice.

    Comment by Mick — 26 Feb 2008 @ 23:05

  3. […] the topic of phishing, identity expert Ben Laurie says “any mechanism that can be imitated by a web page is dead in the water“. The keyword is imitation. Does the Shaker List eliminate the ability to imitate? […]

    Pingback by The Espionage » Blog Archive » A Captcha Code For Spyware — 2 Apr 2008 @ 21:07

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress