Latest Attempt To Catch Phishers May Make Life Difficult For Small Web Vendors

from the no-fun-at-all dept

It's no secret that there are a lot of scammers out there online, and trying to come up with ways to weed out who's legit and who's not has certainly been a growth industry lately. However, sometimes things get tricky. Microsoft is rolling out a new system in the latest version of Internet Explorer that aims to flag certain sites as being safe or unsafe, using much stricter verification rules that secure certificate vendors need to follow. Of course, these are also a lot more expensive, and the strict rules mean that a lot of smaller merchants may not make the cut or may not want to pay extra to get these certificates. It raises questions about whether or not it's fair for a company like Microsoft to put the burden on the sites themselves to go out and prove to a certificate vendor that they're legit (and willing to pay a lot more than a standard secure certificate) just to be considered safe. Obviously, it can help to cut out many questionable sites, but if it has plenty of false positives, harming perfectly legitimate vendors as well, that's hardly a good solution.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    The infamous Joe, 26 Dec 2006 @ 3:49am

    sdrawkcab

    They should flag sites known to be harmful.

    Or maybe people should engage their brains instead of blindly clicking links and entering personal data-- and if they get scammed we can call it a 'stupidity fine' and sooner or later people will learn?

    Bah Humbug. :)

    reply to this | link to this | view in chronology ]

  • identicon
    misanthropic humanist, 26 Dec 2006 @ 3:59am

    This is all about defaults. Many teenagers in the arrogant throes of hormonal angst declare "I don't respect people because they demand it, people must earn respect".

    Of course an adult recognises this as nonsense. In life we must afford all people respect by default and only withdraw that repect when it's proven they are unworthy.

    Site certification is a scam. SSL works just fine with your own generated certificates and you don't need the say so of country club monopolists to speak for your good name. That is to taken for granted by all and sundry unless they are otherwise informed by way of proof that you are untrustworthy. And if that specific opinion is not backed the legitimacy of a court of law, then it is libelous/defamatory (or whatever the correct legal term may be in your part of the world.)

    reply to this | link to this | view in chronology ]

  • identicon
    Peter Bromberg, 26 Dec 2006 @ 4:00am

    Story is not completely accurate

    I have a new site that was flagged by IE 7 as being a possible phishing site, and there was an email link to correct it.

    I filled out a form and within 1 hour they confirmed that they had removed the inaccurate phishing determination.

    It didn't cost me a dime.

    reply to this | link to this | view in chronology ]

  • identicon
    Gene, 26 Dec 2006 @ 6:00am

    Re: So?

    The fact that you think knowing how to block ads on MySpace.com demonstrates some kind of computer competency or web prowess lends testiment to the hypothesis that YOU, in fact, are the n00B!

    I think you would be better of to presrible to this adage made famous by Abraham Lincoln: "It is better to have one think you are a fool, than to open your mouth and remove all doubt." Same goes for using your computer keyboard to post a comment.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Dec 2006 @ 6:41am

      Re: Re: So?

      Thats OK. BBoyDan will be looking for a new cool myspace username once his profile is blocked in about 10 minutes. You can;t remve the ads, dork, it also removes the incentive for Myspace to give you free space to talk about Boy Bands and stupid meme movies.

      reply to this | link to this | view in chronology ]

  • identicon
    Mike Chervenka, 26 Dec 2006 @ 6:19am

    MS Anti Phishing

    I own a small On-Line BBQ business, and my site was listed as a possible phishing site. There is a wizard that pops up, and as the owner of the site, I had to fill out an online form answering some pretty basic questions and submit it. It took less than 24 hours and the tag was removed from web site. So long as your shopping cart is encrypted, and you have a solid Privacy Policy, you should be fine. Both of which are very inexpensive to do,

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Dec 2006 @ 6:42am

    Oh, and BTW, "display: none;" is no top secret government program only understood by you and Donald Rumsfeld. Merry Christmas.

    reply to this | link to this | view in chronology ]

  • identicon
    That guy..., 26 Dec 2006 @ 8:01am

    Microsoft and the USA

    Microsoft is the like USA.

    USA wants to spread democracy to every person on the planet (much like the pilgrims did when they slaughtered the Indians in an attempt to spread Chri$tendom)

    Microsoft wants to spread their ideals on the world wide web.

    Granted, MS has done some good things. But, they should not be taken too seriously.

    People are sheep, and will be herded by the first dog bold enough to bark...no matter what size.


    It angers me... people are stupid, they allow themselves to be led.

    Can we blame the "leaders" for seeing an opportunity and taking advantage? I dont think so. Much like the 18 year old dude standing in line at Best Buy to buy a PS3 for $600, and then put it on eBay the next day, and sell it for $2,000... we cant blame him for taking advantage of an opportunity.


    If you bitch about what MS (and the USA) are doing, you are just vocalizing the fact that you are indeed sheep.

    Mafiosos have it right... they keep quiet, and smack loudly.

    Note: Very few mafiosos punch, they'll smack you all around the room, but they wont punch. It's strategic. Think about it...

    My advise to the sheep... keep quiet, and take action.

    Don't want to pay for new certificates? Read a book on advanced programing best practices.

    Don't want MS to rule the world? Get a Mac.

    You have the power. You just need to know it, know how to use it, and have the ballz to execute.

    Unfortunately... there are few who do. And fewer to get together to do it...

    reply to this | link to this | view in chronology ]

    • identicon
      simon, 26 Dec 2006 @ 8:22am

      Re: Microsoft and the USA

      Don't want MS to rule the world? Get a Mac

      no way,washing 1 stain by repainting the whole wall?

      get PC, and stay on Linux :))

      ^^ way cheaper and way more secure....

      reply to this | link to this | view in chronology ]

    • identicon
      The infamous Joe, 26 Dec 2006 @ 8:34am

      Re: Microsoft and the USA

      I try to give people the benefit of the doubt, but I can't see where your post and the article are related.

      The best I can come up with (and I tried) is that you're saying when America sees what they think is a problem they go out and try to fix it-- even if it's a misguided attempt.

      That being the case, I welcome you to try a different browser, like Firefox. Along the same lines, if you're in America and you don't like it-- feel free to exit my country.

      I have to wonder if you were led to your mac (like I was, sheep-like, to my PC) or if you invented it.

      reply to this | link to this | view in chronology ]

    • identicon
      charlie potatoes, 26 Dec 2006 @ 9:12am

      Re: that guy

      Fuck You, Towel-head

      reply to this | link to this | view in chronology ]

  • icon
    Jake (profile), 26 Dec 2006 @ 11:13am

    Missing the point

    As usual, an article about a Microsoft product degenerates into generic complaints of the Redmond company. Which is fine, but if the commentators would first reads the article, they would see what the issue is.

    Sites are identified in 4 ways: Red (known phishing site), Yellow (suspected phishing site), White (normal) and Green (verified legitimate business). The only issue the new certificates have to do with is green vs. white. A small business site will not be flagged as a suspected phishing just because they don't have the extended certificate. There's a fair bit of uncertainty now, because some suspect that your typical consumer will only do business with "green" sites. That may be true, but those people are probably the ones who now only shop at Amazon, Target & Dell now anyways.

    It's an oversimplification to characterize it as MS identifying sites as safe/unsafe. There are 4 levels, and if you were to present it as a dichotomy, it would make much more sense to group the "White" sites with the "Green" rather than the "Yellow" and "Red." Not getting an extended certificate won't be enough to make it "Yellow" or "Red," and characterizing it as a false positive if a legit site is "White" doesn't make a lot of sense. I recommend that folks read the linked articles, as Mike's summary and the stories' headlines do not give a good sense of the full story.

    reply to this | link to this | view in chronology ]

  • identicon
    That guy..., 26 Dec 2006 @ 11:42am

    Tsk tsk tsk... my friends, my countrymen, my brothers from other mothers...


    Simon, good point on Linux. Thanks for that.

    The infamous Joe:
    I wont expect everyone to understand everything... if you pretend to do so. I encourage you to cure Cancer and feed world hunger.

    I appreciate your suggestion on FireFox, thank you. It's my browser of choice.

    As for the USA being YOUR country. My friend, if it's yours, please remove YOUR young men and women from Iraq. If it is YOUR country, then please adjust oil prices to their respective levels. If it is YOUR country, then please reinstate the 3billion dollars that was removed from Public Education- in order to pay for YOUR war in Iraq. If it is YOUR country, please provide basic and equal health care to everyone of YOUR citizens...

    If it is YOUR country, please wake up from that dismal fking sleep you are in. The one where you think you are the best in the world, and you have the god given right to do as you please in anyone's land, for any of your capricious whims...

    Having been born and raised in this country, of parents where were born and raised in this country, whose parents, in turn, were born and raised in this country... i feel strongly about this country, yes. But that strength goes both ways: to the good and the bad.

    Additionally, i've been to many other countries, and not just on vacation, either... It's opened my eyes.

    You seem educated. Schedule a flight. Pick up a book, talk to some locals of places like Iran, Korea, Tokyo, Cuba. Speak to them about their upbringing. About their education systems. About their methodology for raising their young, their culture, their morals and their business ethic. You'll see there are some major differences in what YOUR country calls norm. But, again, i wont expect everyone to understand everything... let me repeat for the sake of emphasis.... If you do understand everything, then I encourage you to cure Cancer and feed world hunger.

    oh, and, no sir, i was not led to my mac. In fact, i do not own one. I chose to run PC because that is where my personal choice has taken me.


    To charlie potatoes,
    ... sigh... You have no clue what it means to be "alive". I'll just leave it at that.

    Your buddy, the fellow American who gives a sh*t enough to call it out,

    That Guy...

    reply to this | link to this | view in chronology ]

  • identicon
    mike, 26 Dec 2006 @ 2:04pm

    So, is this just Microsoft trying to implement their version of the Net neutrality act or something?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.