Dear RIPE: Please don't encourage phishing

Jay Ashworth jra at baylink.com
Fri Feb 10 18:00:10 UTC 2012


----- Original Message -----
> From: "William Herrin" <bill at herrin.us>

> Big problem with clickable objects which lead to PII (personally
> identifiable information) or passwords. That's how phishing works -- a
> disguised url that you either see at all or whose incorrect nature
> slips right past your brain. The only known working solution is to
> train folks to *never* click security-related URLs in email. Copy and
> paste only, and only if they're readable and read right.

And right there, Bill, is the part we so rarely understand, and it kills us:

Even lots of *technical* people just don't understand what "a security-
related URL" *is*, and there's almost always no way to teach them.

So it's necessary to throw the baby out with the bathwater, and tell them
never to click on a link...  MUA's that support HTML at all, much less
they fail to tell the user when a text URL doesn't match the actual link,
are the underlying culprits here...

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274




More information about the NANOG mailing list