Say That Again

by Joseph Weisenthal

.Safe Didn't Catch On, So Now Company Proposes .Bank To Stop Phishing

from the if-at-first-you-don't-succeed-in-trying-to-get-a-new-TLD,-try-try-again dept

Last month, security firm F-Secure proposed the creation of a ".safe" TLD as a way to protect financial institutions and consumers from phishing attacks. The basic idea was that the TLD would connote safety, allowing consumers to use a website without worrying about being on a spoof site. Of course, this is an obviously flawed idea, since it would only work (in theory) if every financial institution shelled out for the domain, while even then, phishers would find ways to dupe people into going to phony sites. Apparently that idea didn't go over too well, so now the company is promoting the same thing, except this time it's ".bank" as opposed to ".safe". The key, according to the company's chief Mikko Hypponen, is to make the TLD cost $50,000, so that only legitimate institutions would bother to register one. Again, this runs into the exact same problems. Phishers would find still find ways of duping people into going to the wrong site, while the $50,000 price tag would deter many banks, particularly small banks and credit unions. Not surprisingly, many security experts are roundly trashing the idea for being ineffective. Obviously, phishing remains a problem, but the idea that it can be solved with a new TLD represents a failure to understand the problem, which is not exactly inspiring from the head of a security firm.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Prophet, May 9th, 2007 @ 7:31pm

    de de dee

    I dont care how many different domain names you shell out people who are un-educated abot hwo to be safe on their computer are still going to have Phishing and viruses. I am a pretty savvy about security and haven't had my own Virus issue for over two years now. People just need to be educated about the internet before they step out onto the Information superhighway with a lerners permit and a Lamborghini of a vehicle to navgiate with .

    reply to this | link to this | view in thread ]

  2. identicon
    Dave Barnes, May 9th, 2007 @ 7:48pm

    Opposed to Large Fee

    $50K is real money to my credit union.

    How about .bank is only available to real honest financial institutions?

    Pay me $200K/year and I will vet the "banks" who apply.
    Let's see, the one from BofA should take about 5 minutes. That will leave me plenty of time to check out "Very Honest Russian Mafia Bank, Not Really".

    Or, maybe we could create a website: "Real Bank or Not?". We will model after "Hot or Not?".

    Or, I will do the vetting for only $5K/bank and get rich. Rich I tell you. Rich.

    reply to this | link to this | view in thread ]

  3. identicon
    zcat, May 9th, 2007 @ 8:27pm

    ... just as effective

    Perhaps they should just create a '.fraud' top level domain and demand that all fraudulent sites have to be in it.

    Or just use the 'evil bit' defined as in RFC3514?

    reply to this | link to this | view in thread ]

  4. identicon
    Prophet, May 9th, 2007 @ 9:33pm

    I work for a Bank processor that is one of the top ten in the nation. And agree with dave. Some of these Credit unions dont even have 50k in their Liquid assets, they rely on payments from interest to stay afloat. Most of the credit unions go through a processor Like mine and rely on them to prevent fraud, and it still happens. We have to Block cards and account daily, and this tom and jerry game will never end. So to me this is just a way for them to get money, promise security and then when something happens just point to their lawyers and disclaimers and shrug it off.

    reply to this | link to this | view in thread ]

  5. identicon
    Doug, May 9th, 2007 @ 10:49pm

    How about we lynch a few phishers

    Sentence a few of these phishers to 100+ years in prison and the problem goes away. If they are overseas then just hire mercenaries to hunt them and kill them. I love that Saturday Night Live commercial where the Fraud protection service was going around and rounding up the suspects overseas and torturng them.

    reply to this | link to this | view in thread ]

  6. identicon
    zcat, May 10th, 2007 @ 12:00am

    "natural justice"

    A better idea; "Do Nothing"

    The real problem is the idiots that can't take a few minutes to learn about basic security, a few minutes to install AVG, stop to think if their bank would really email them asking to confirm their details, etc, etc.

    And the solution is a hefty self-administered fine for stupidity. Phishers just took your life savings? Too bad. Learn from it. Be smarter next time. Problem solved.

    reply to this | link to this | view in thread ]

  7. identicon
    squik, May 10th, 2007 @ 2:58am

    Two words

    Actually, one acronym and one word: DNS Poisoning.

    reply to this | link to this | view in thread ]

  8. identicon
    darkbhudda, May 10th, 2007 @ 11:50pm

    Banks need to stop sending out emails that look like spam. Some of their legitimate emails are so dodgy, it's no wonder some people can't tell the difference.

    reply to this | link to this | view in thread ]

  9. identicon
    John, May 11th, 2007 @ 1:51pm


    Like many people are saying, the issue isn't a new top level domain, but educating users.
    A ".safe" domain name will do absolutely no good if people still don't realize that a URL of "23.432.32.122/boa/cgi-bin/account.jsp" is not the real Bank of America site.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.