[FoRK] Poisoned DNS and informal certificates
Russell Turpin
<deafbox at hotmail.com> on
Mon Feb 18 16:28:00 PST 2008
When I signed up for online banking with my credit union, they had me select
an image. That image is displayed on the page that solicits my password,
after I give my account name. The site cautions if I don't see the chosen
picture, I shouldn't proceed. This obviously gives some security against a
fake site as phishers use. But also against a fake site reached by DNS
poisoning. It is, in some sense, an informal certificate, one that I selected
and now tied into my visual memory.
If I recall correctly, the sign up process did this in a fairly sophisticated
manner. If the image set it uses is large, or changes every month, it might
well be that every account holder gets their own unique image. That would
make it a good deal more difficult to set up a fake site.
_________________________________________________________________
Windows Live Hotmail and Microsoft Office Outlook – together at last. Get it now.
http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
More information about the FoRK
mailing list