Jul 22, 2009

Phish me a Safari

Recently I decided to install Safari 4. The experience is quite nice, except I'm paranoid about phishing. Yes, I check the certificates of sites where I'm about to provide my user credentials. I check the validity of links before I click on them. I even use different browsers when browsing trusted and not so trusted sites (some might point me to this surf jacking article, but oh well).

In general, phishing is a concept that's been around for a while. It revolves around the idea of tricking a user into performing one action while thinking he/she is performing another. One of the mechanisms for doing so is obfuscating links inside a Web page. More on this can be found here.

Typically, Windows-based browsers have been pretty good about revealing the URL of a link before clicking on it, as this was a valid concern a few years ago (circa 2004/5). However, after switching to Mac I could say that I'm quite disappointed at not seeing any notification about the links I'm about to click on a page. In a way, that goes against the secure-by-default concept that OS makers started adopting in 2003. Or maybe I'm just assuming too much from Apple?

P.S. - Of course, I can turn on the Safari status bar and everything will be fine; but then, would all users do the same?

