Those anti-phishing “pick a photo and a phrase that must be displayed when you log in to your bank” systems? Work-aroundable by smart-enough phishers. Wonder where the arms race goes next?
I’ve always suspected that these “Select your image and don’t enter your password if you don’t see it” systems were broken — asking users to behave differently when something is *missing*, which they’re liable to forget even *existed*, is not security by any stretch.
New open database of user-submitted phishing URLs. Somewhat reminiscent of Mark Fletcher’s old “Trustic” startup. Not sure how well the submission/validation system will scale, or deal with gaming, but it could be interesting to watch.
This is an archive of groovmother.com, the old blog run by Rod Begbie — a Scottish geek who lives in San Francisco, CA.