The Month: Dispute over new anti-phishing proposal

June 27, 2007

The dispute over a new anti-phishing proposal - a secure top-level domain for financial institutions - continues. Originally, F-Secure researcher Mikko Hypponen called for the establishment of a new, secure domain (such as 'dot bank'), which big institutions would be charged a large sum to use. This step, the argument ran, would make life more difficult for phishers, who often set up official-sounding .com addresses to fool unsuspecting users.

Not everyone is impressed with the scheme. "This wouldn't really make browsers more secure - the true extension is often obfuscated anyway," argued Gunter Ollmann, director of X-Force, Internet Security Systems. "There is a lot of work going on at the moment to make registrars more responsible in this area. There is also the issue of hijacking/poisoning DNS servers, which would also render this move useless."

Following this and similar comments, F-Secure issued a lengthy statement: "This is not a silver bullet. A new top-level domain would not be the end of the phishing problem. But it would be a helpful top-level domain and it would stop a particular subset of phishing completely."
