On 12/10/2012 6:56 AM, Rich Kulawiec wrote:
> We see examples all day, every day, of sites
> that have been hijacked by attackers and now host malicious content where
> formerly there was something innocuous.
...
> To wit: users should never follow "important" links in email. They
> should (for example) bookmark their bank's web site, and *always*
> use the bookmark.

There is the kernel of an implementable idea here:
1. Create a whitelist of links the user employs regularly through
its browser. For an extra measure of safety, query the user about how
much they 'trust' the site associated with each link. (The question
needs to be put to them with better language than asking about trust.)
2. Have the email client distinguish between links that are
whitelisted and those that aren't.
I don't have any idea how much incremental safety this actually would
provide, but I think it's worthy of testing.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
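
An added example, not part of the original message or of any mail client's code: a sketch of step 2, in which the links in an HTML message body are sorted into those whose host is on the user's list and those that are not. The allowlist entries, the sample message and all function names are constructed for illustration; matching is on the exact host, so a name that merely contains a listed host does not pass.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: hosts the user has bookmarked (hypothetical values).
ALLOWLIST = {"www.mybank.example", "mail.example.org"}

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

def link_host(url):
    """Return the lowercased host the link points at, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any user@ prefix and the port
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()

def classify_links(html_body, allowlist=ALLOWLIST):
    """Map each link to 'listed' or 'unlisted' by exact host match."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {url: "listed" if link_host(url) in allowlist else "unlisted"
            for url in collector.links}

# Constructed sample message body.
SAMPLE = """
<p>Important: <a href="https://www.mybank.example/login">log in</a></p>
<p><a href="https://www.mybank.example.evil.test/login">verify</a></p>
<p><a href="https://www.mybank.example@203.0.113.7/">update</a></p>
<p><a href="HTTPS://WWW.MYBANK.EXAMPLE:443/a">statement</a></p>
"""

if __name__ == "__main__":
    for url, verdict in classify_links(SAMPLE).items():
        print(f"{verdict:9} {url}")
```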