Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 04, 2016, 12:31:50 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Setting up secure bookmarks/favorites  (Read 7691 times)

howiem

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 13
    • View Profile
    • Donate to Member
Setting up secure bookmarks/favorites
« on: May 09, 2007, 01:42:53 PM »
Not being a programmer, I would like to see a small program that can set up secure favorites/bookmarks for banking and other financial transactions.  It should be capable of setting up the secure (https) favorites/bookmarks for both banks and shopping sites.
For banks it would need to do the following:
1.  locate and verify the genuine website of the bank/financial institution, possibly using a technique like the Hinson Tip at http://www.noticebor.../phishing_alert.html.  The user would only have to input the name of the bank or financial institution.
2.  prompt the user to log in, verify that the following page is an https page, and then click a link to another https page. 
3.  Automatically bookmark (add to favorites) the page in 2. above with the name of the bank and an indicator that the site is secure.  Example:  Bank of America - SECURE

For shopping sites
1.  Visit the web site and go through the process to do a test purchase.
2.  When the program arrives at the payment options page, verify that it is secure.  3.  Then bookmark or add that https page to favorites with an indicator that the page is secure.  Example:  AMAZON.COM - SECURE

The program would also need to stress that users should use ONLY SECURE book marks/favorites to access all sites where they conduct any kind of financial transactions. 

My rationale for this is that the main way people get phished is by getting tricked into clicking links in email, on web sites and in Instant Messages, etc.  Another way they can get phished is by DNS poisoning. 

Right now the security industry expends its efforts in telling people how to recognize fake web sites and fake email, etc.  A program like this would focus on getting users to the correct web site where they will not get phished, and they can stop wasting their time reading about fake this and fake that.  Of course setting up secure bookmarks/favorites can be easily done manually by most users, but having a program that "does it for them" might even lure some of the gullible into actually using it.    :o


app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,666
    • View Profile
    • App's Apps
    • Read more about this member.
    • Donate to Member
Re: Setting up secure bookmarks/favorites
« Reply #1 on: May 09, 2007, 01:57:51 PM »
One really big problem with the bookmarks idea...one bad entry in a hosts file by some malware could cause you to go to a fake page when clicking the so-called 'secure bookmark' made by this application....and then there goes your idea of safety right out the window.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Setting up secure bookmarks/favorites
« Reply #2 on: May 09, 2007, 02:39:15 PM »
actually a plugin that resolved the ips of web pages, and compared them against known trusted official ips of these sites would solve the problem wouldnt it? does this exist already?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Setting up secure bookmarks/favorites
« Reply #3 on: May 09, 2007, 07:37:03 PM »
cybernetnews did a short story on secure firefox addons here:
http://tech.cybernet...-for-firefox-and-ie/

howiem

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 13
    • View Profile
    • Donate to Member
Re: Setting up secure bookmarks/favorites
« Reply #4 on: May 10, 2007, 12:19:03 PM »
One really big problem with the bookmarks idea...one bad entry in a hosts file by some malware could cause you to go to a fake page when clicking the so-called 'secure bookmark' made by this application....and then there goes your idea of safety right out the window.

Understood, but wouldn't that happen even if you type in the address?  And if the secure URL were random (any https  page) within the genuine domain, wouldn't it be difficult for a phisher to determine what to redirect? 

howiem

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 13
    • View Profile
    • Donate to Member
Re: Setting up secure bookmarks/favorites
« Reply #5 on: May 10, 2007, 02:50:01 PM »
cybernetnews did a short story on secure firefox addons here:
http://tech.cybernet...-for-firefox-and-ie/

Mouser,
I just read that article.  I've used all those tools except Firekeeper, but none of them are anti-phishing tools , although you might get warned if the site owner does not reveal his name.  The reason I asked for the tool for secure bookmarks is because none of the anti-phishing tools is completely accurate, and even though users could set up their  own secure bookmarks, they don't and having a tool to lean on might get a few less phished. 

howiem

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 13
    • View Profile
    • Donate to Member
Re: Setting up secure bookmarks/favorites
« Reply #6 on: August 19, 2007, 11:23:16 PM »
actually a plugin that resolved the ips of web pages, and compared them against known trusted official ips of these sites would solve the problem wouldnt it? does this exist already?

There is a bit of javascript that can be used - see the Hinson Tip at http://www.noticebor.../phishing_alert.html