- From: Dean Pierce <pierce403@gmail.com>
- Date: Thu, 12 Jul 2018 08:57:11 -0700
- To: henry.story@bblfish.net
- Cc: public-web-security@w3.org
- Message-ID: <CAFOKM3p5NR-=kZNsG6LFaDbPqhNOD1+=WNDe8_TogLudpCp18g@mail.gmail.com>

I think for any solution to be scalable it needs to be community driven with a lot of agility and flexibility. I really like some of the attempts at Web of Trust style solutions, but it's really hard to figure out how to incentivize good behavior in such a way that can't just as easily be gamed by criminals to boost the reputation of fraudulent sites.

Still, I feel like some sort of fuzzy community reputation based solution is the only approach that makes sense. The great thing about that is even if a fully trusted, legitimate site gets hacked and starts serving malware, its reputation could nosedive over the course of minutes, and quickly protect additional users from getting pulled in.

I'd like to see green address bars for well trusted sites, maybe grey for unpopular websites, and dark red for sites that have been judged by the community to be malicious. Maybe some browsers could even automatically block sites whose reputation drops below a certain threshold.

- DEAN

On Thu, Jul 12, 2018 at 5:21 AM Henry Story <henry.story@bblfish.net> wrote:

> Dear Web Security group members,
>
> I have recently written up a proposal on how to stop (https) Phishing,
> which has grown 6 fold in the past year according to the Anti Phishing
> Working Group, and a lot more according to Symantec researchers I talked to
> recently.
>
> I am looking into this as part of my PhD at Southampton, which is a mix
> between Web Science, Cybersecurity and Social Machines. Bringing these
> fields together opens up as I believe you will see reading this, new ways
> of thinking of problems that have been dogging us for a while.
>
> https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9
>
> There is also a response to a couple of questions by Ben Laurie on Twitter
> where I go into a bit more detail on how this solves the UI part of the
> problem.
>
> https://medium.com/@bblfish/response-to-remarks-on-phishing-article-c59d018324fe
>
> I am very keen to hear your feedback on this. As TPAC will be in Lyon which
> is a reasonable distance from where I live I may be able to make it there
> to talk about improvements on this proposal following your feedback.
>
> Sincerely,
>
> Henry Story
> http://bblfish.net/

Received on Friday, 13 July 2018 12:17:14 UTC