On 10/12/2012 16:47, Dave Crocker wrote:
> On 12/10/2012 6:56 AM, Rich Kulawiec wrote:
>> We see examples all day, every day, of sites
>> that have been hijacked by attackers and now host malicious content
>> where formerly there was something innocuous.
>> ...
>> To wit: users should never follow "important" links in email. They
>> should (for example) bookmark their bank's web site, and *always*
>> use the bookmark.
> There is the kernel of an implementable idea here:
> 1. Create a whitelist of links the user employs regularly through
> its browser. For an extra measure of safety, query the user about how
> much they 'trust' the site associated with each link. (The question
> needs to be put to them with better language than asking about trust.)
> 2. Have the email client distinguish between links that are
> whitelisted and those that aren't.
> I don't have any idea how much incremental safety this actually would
> provide, but I think it's worthy of testing.
Surely this would be a browser feature (or 'Internet Security Software'
feature) rather than an email client feature.
The email client will not necessarily have any access to web browser
history.
The web browser should know that being called from an email client is
'different' from the user clicking on a bookmark or typing in a URL in
the browser. Then, the browser could say to the user 'You've never
accessed this site before, are you sure you want to do it?', or whatever.
The problem is that to have any idea of reputation you'd have to go on
the hostname, not the full URL, as many email URLs will be 'unique' to
have some tracking information in them (yes, I know it's bad, but you
won't get banks to get rid of that, unfortunately), so each email will
have different URLs in, even if the final destination is the same.
So, the question is, is having a hostname reputation for the user better
than having no reputation, or not? I'd say yes because it would probably
catch 99% of the bad links that I see in phishing/spam, others would say
no because it won't catch 100%.
-
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
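The hostname-level check described in the reply above, written out as an added example (this is not code from the list thread or from any mail client or browser). It assumes a set of hostnames the user has previously reached via bookmarks or typed URLs, standing in for browser history, and classifies a link arriving from email by its hostname only, so that per-message tracking parameters in the path and query do not matter. Links whose hostname cannot be relied on (non-web schemes, or a URL with credentials in front of the host, where the text before '@' is not the host) are reported as unusable rather than matched. All hostnames are constructed under the reserved `.test` TLD.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the user's browser history / bookmarks:
# hostnames the user has reached by bookmark or by typing the address.
KNOWN_HOSTS = {
    "www.examplebank.test",
    "online.examplebank.test",
    "mail.example.test",
}


def link_host(url):
    """Return the normalised hostname of an http(s) URL, or None if the URL
    cannot be judged by hostname reputation (non-web scheme, no host, or
    credentials embedded before the host)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    # 'user:pass@host' URLs: the part before '@' is not the host, and a
    # casual reader may take it for one, so refuse to classify them.
    if parts.username is not None or parts.password is not None:
        return None
    host = parts.hostname  # lower-cased, port removed, IPv6 brackets stripped
    if not host:
        return None
    host = host.rstrip(".")  # 'example.test.' and 'example.test' are the same host
    try:
        # Canonical ASCII form so non-ASCII labels compare consistently
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return host


def classify_link(url, known_hosts=KNOWN_HOSTS):
    """'known' if the hostname is one the user has visited before,
    'unknown' if never visited, 'unusable' if no hostname can be trusted."""
    host = link_host(url)
    if host is None:
        return "unusable"
    return "known" if host in known_hosts else "unknown"


def classify_links(urls, known_hosts=KNOWN_HOSTS):
    """Classify every URL extracted from one email; returns {url: verdict}."""
    return {u: classify_link(u, known_hosts) for u in urls}


if __name__ == "__main__":
    # Constructed links as they might appear in a batch of messages.
    sample = [
        "https://www.examplebank.test/login?cid=12345&track=abc",
        "https://www.examplebank.test/login?cid=99999&track=xyz",
        "https://secure-login.examplebank-verify.test/",
        "https://www.examplebank.test@other-host.test/",
        "mailto:help@examplebank.test",
    ]
    for url, verdict in classify_links(sample).items():
        print(f"{verdict:8} {url}")
```

The two bank links carry different tracking values but resolve to the same hostname, so both are "known"; the look-alike domain has never been visited and is "unknown"; the credentialed URL and the mailto link are "unusable" because no hostname reputation applies to them. Matching is exact on the hostname: deciding whether an unseen subdomain of a known site should inherit its reputation needs a public-suffix aware rule, which this example deliberately leaves out.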