Difference between revisions of "Trusted Location"
From MgmtWiki
(→Problems) |
(→Problems) |
||
| Line 8: | Line 8: | ||
*A [https://en.wikipedia.org/wiki/Spoofed_URL spoofed URL] describes one website that poses as another website. It sometimes applies a mechanism that exploits bugs in web browser technology, allowing a malicious computer attack. During such an attack, a computer user innocently visits a web site and sees a familiar URL in the address bar such as http://www.wikipedia.org but is, in reality, sending information to an entirely different location that would typically be monitored by an information thief. | *A [https://en.wikipedia.org/wiki/Spoofed_URL spoofed URL] describes one website that poses as another website. It sometimes applies a mechanism that exploits bugs in web browser technology, allowing a malicious computer attack. During such an attack, a computer user innocently visits a web site and sees a familiar URL in the address bar such as http://www.wikipedia.org but is, in reality, sending information to an entirely different location that would typically be monitored by an information thief. | ||
*A common attack is to replace one character with a similar character, say a 1 (one) for an l (ell) or a Turkish e for a Latin e. Most users will not be able to recognize the changes and will assume the site is one that is familiar to them. | *A common attack is to replace one character with a similar character, say a 1 (one) for an l (ell) or a Turkish e for a Latin e. Most users will not be able to recognize the changes and will assume the site is one that is familiar to them. | ||
| + | *The following [https://towardsdatascience.com/phishing-domain-detection-with-ml-5be9c99293e5 site] attempts to train users how to spot fraudulent sites and lists many of the ways that a user can be fooled into believing a site is valid when it is not. The problem here is that the site is long and the instructions highly technical. This is another example of blaming the user for their inability to spot fraud when the problem is the very complexity of the web and the endlessly inventive ways that is can be missed used. | ||
==Solutions== | ==Solutions== | ||
Revision as of 13:17, 4 December 2018
Full Title or Meme
A Trusted Location is one that will display a well-known tag showing who they are and what they intend.
Context
- As a part of having a Trusted Identity in Cyberspace a series of Framework Profiles have been created to allow digital Entities to give users a statement about the policies that they support.
Problems
- A spoofed URL describes one website that poses as another website. It sometimes applies a mechanism that exploits bugs in web browser technology, allowing a malicious computer attack. During such an attack, a computer user innocently visits a web site and sees a familiar URL in the address bar such as http://www.wikipedia.org but is, in reality, sending information to an entirely different location that would typically be monitored by an information thief.
- A common attack is to replace one character with a similar character, say a 1 (one) for an l (ell) or a Turkish e for a Latin e. Most users will not be able to recognize the changes and will assume the site is one that is familiar to them.
- The following site attempts to train users how to spot fraudulent sites and lists many of the ways that a user can be fooled into believing a site is valid when it is not. The problem here is that the site is long and the instructions highly technical. This is another example of blaming the user for their inability to spot fraud when the problem is the very complexity of the web and the endlessly inventive ways that is can be missed used.
Solutions
References
- The wiki page on Cookies provides some alternate solutions.
- The wiki page on Trusted Identifier can be used to bind a URL with a Trusted Location to a real-world Entity.
