The dispute over a new anti-phishing proposal - a secure top-level domain for financial institutions - continues. Originally, F-Secure researcher Mikko Hypponen called for the establishment of a new, secure domain (such as 'dot bank'), which big institutions would be charged a large sum to use. This step, the argument ran, would make life more difficult for phishers, who often set up official sounding.com addresses to fool unsuspecting users.
Not everyone is impressed with the scheme. "This wouldn't really make browsers more secure - the true extension is often obfuscated anyway," argued Gunter Ollmann, director of X-Force, Internet Security Systems. "There is a lot of work going on at the moment to make registrars more responsible in this area. There is also the issue of hijacking/poisoning DNS servers, which would also render this move useless."
Following this and similar comments, F-Secure issued a lengthy statement: "This is not a silver bullet. A new top-level domain would not be the end of the phishing problem. But it would be a helpful top-level domain and it would stop a particular subset of phishing completely."