Stuart D. Gathman wrote:
On Wed, 22 Jun 2005, Scott Kitterman wrote:
It would be interesting to know if they make any use of exp strings. That
might be another way to deal with the issue.
That might help with bogus FAIL. But doesn't help with all the phishing
schemes that can now deceive hotmail users with a bogus PASS. Microsoft
is essentially threatening banks, paypay, etc with a Microsoft sponsored
increase in phishing fraud for hotmail customers unless they immediately
publish PRA records. That's one way to build deployment - and a good
fit for Microsoft.
Smart users don't get phished.
Not so smart users don't know what httpS is, or what the little lock
icon at the bottom means, or that the displayed url can be different
then the ACTUAL url they click on in the email.
So what makes you think the little PRA box saying "PASS" is going to
mean anything to anyone that wasn't already vulnerable???
Terry
--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085