On Oct 27, 2015, at 2:17 PM, Christian Huitema
<huitema(_at_)microsoft(_dot_)com> wrote:
Identity checks matter. Lots of the discussion focused on SPAM, but the
"acute problem of the day" is actually phishing, and specifically forging a
mail that appears to come from someone you trust, to entice you to open a
document or visit a URL that you should not. That's a pretty common step in
the chain of events that leads to another "42 million user accounts
compromised in a breach."
This is correct. If I seem a bit strident on this issue, it’s because I’ve
actually had a family member personally affected by this problem, in a rather
severe way. The ability to verify that mail actually came from whom it claims
to have come is quite important particularly for aging family members who might
not not be as good at detecting scams as they once were. And for that matter,
I’ve been momentarily fooled once or twice in recent years—the amateurs give us
a false sense of security, but some phishers are _very_ skilled.
Of course, part of this is a UI issue, which is out of scope, but perhaps worth
mentioning: MUAs should never present a blinded URL. If the HTML looks like
this:
<a href="http://nefarious.example.org/QOJWEOJOWJCJ#UR1OJOJFOIJ?hack=yes
<http://nefarious.example.org/QOJWEOJOWJCJ#UR1OJOJFOIJ?hack=yes>">http://www.example.com/
<http://www.example.com/></a>
The user should see this:
http://nefarious.example.org/QOJWEOJOWJCJ#UR1OJOJFOIJ?hack=yes
<http://nefarious.example.org/QOJWEOJOWJCJ#UR1OJOJFOIJ?hack=yes>
I mention this only because PHB brought up architecture and Christian mentioned
enticing people to visit URLs. The definition of "working" has to include not
being subject to obvious UI vulnerabilities that are only safe if the end user
is Bruce Schneier. Perhaps we need a Consumer Reports for commonly-used
software.