Article looking at some of the defences against phishing

Nov 2nd, 2004

Comments: 0
Category: Phishing

Article looking at some of the defences against phishing

There’s an article over at InfoWorld looking at the various measures that companies have been using to try and mitigate the current rising trend in phishing attacks.
My money’s on server-based mitigations as opposed to client-based ones (like the anti-phishing toolbars mentioned in the article). There are several good reasons for this.
1. Companies don’t and won’t control the client environment, so they’re not in a good position to dictate the client environment. Also given the current trend in spyware and virii, there’s no way companies can place trust in a client based solution.
2. There are literally millions of clients out there which would need to be “fixed” to make a solution work, but for each company there is only one location that needs fixed…
Personally my monies on the deployment of 2-factor authentication like secureID. Most banks already use it internally, the main reason it hasn’t been deployed for customers is cost… well if phishing starts placing a significant cost on the banks, then suddenly it starts being much more viable to deploy….
Of course there are some more complications involved as SecureID can still be vulnerable to a MITM attack, but it would still be a great step forward…..

Add a comment

Your email address will not be shared or published. Required fields are marked *