Secure UI: 9-Block Phishmarks

When I originally came up with the idea of phishmarking, I was thinking of using fractal patterns.  Unfortunately, fractual patterns are rarely simple symmetrical designs so they are more difficult to remember.  So while I was looking for a different approach, I remembered Jared Tarbell's 9-Block Pattern Generator at which basically does what quilt makers have been doing for … Continue reading Secure UI: 9-Block Phishmarks

Phishing News

Glenbrook Partners has updated their phishing analysis.  It's a must read for executives concerned about online fraud. Meanwhile, PassMark has finally unveiled itself with an announcement (and demo) of new countermeasures against phishing attacks.  PassMark was founded by Bill Harris, former CEO of Intuit and PayPal. The frog and the text in red are PassMarks. … Continue reading Phishing News

Visual Spoofing

While Microsoft recently patched a URL-based spoofing vulnerability, a whole new class of spoofing exists for browsers: Visual Spoofing.  I have not yet seen any evidence of this type of spoofing actually being done, but I was able to create a demo in less than an hour. Here is the demo of visual spoofing for IE6 I put … Continue reading Visual Spoofing