DonationCoder.com Software > Coding Snack Guidelines
Setting up secure bookmarks/favorites
howiem:
Not being a programmer, I would like to see a small program that can set up secure favorites/bookmarks for banking and other financial transactions. It should be capable of setting up the secure (https) favorites/bookmarks for both banks and shopping sites.
For banks it would need to do the following:
1. locate and verify the genuine website of the bank/financial institution, possibly using a technique like the Hinson Tip at http://www.noticebored.com/html/phishing_alert.html. The user would only have to input the name of the bank or financial institution.
2. prompt the user to log in, verify that the following page is an https page, and then click a link to another https page.
3. Automatically bookmark (add to favorites) the page in 2. above with the name of the bank and an indicator that the site is secure. Example: Bank of America - SECURE
For shopping sites
1. Visit the web site and go through the process to do a test purchase.
2. When the program arrives at the payment options page, verify that it is secure. 3. Then bookmark or add that https page to favorites with an indicator that the page is secure. Example: AMAZON.COM - SECURE
The program would also need to stress that users should use ONLY SECURE book marks/favorites to access all sites where they conduct any kind of financial transactions.
My rationale for this is that the main way people get phished is by getting tricked into clicking links in email, on web sites and in Instant Messages, etc. Another way they can get phished is by DNS poisoning.
Right now the security industry expends its efforts in telling people how to recognize fake web sites and fake email, etc. A program like this would focus on getting users to the correct web site where they will not get phished, and they can stop wasting their time reading about fake this and fake that. Of course setting up secure bookmarks/favorites can be easily done manually by most users, but having a program that "does it for them" might even lure some of the gullible into actually using it. :o
app103:
One really big problem with the bookmarks idea...one bad entry in a hosts file by some malware could cause you to go to a fake page when clicking the so-called 'secure bookmark' made by this application....and then there goes your idea of safety right out the window.
mouser:
actually a plugin that resolved the ips of web pages, and compared them against known trusted official ips of these sites would solve the problem wouldnt it? does this exist already?
mouser:
cybernetnews did a short story on secure firefox addons here:
http://tech.cybernetnews.com/2007/05/09/cybernotes-secure-browsing-tools-and-extensions-for-firefox-and-ie/
howiem:
One really big problem with the bookmarks idea...one bad entry in a hosts file by some malware could cause you to go to a fake page when clicking the so-called 'secure bookmark' made by this application....and then there goes your idea of safety right out the window.
-app103 (May 09, 2007, 01:57 PM)
--- End quote ---
Understood, but wouldn't that happen even if you type in the address? And if the secure URL were random (any https page) within the genuine domain, wouldn't it be difficult for a phisher to determine what to redirect?
Navigation
[0] Message Index
[#] Next page
Go to full version