Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study Finds IE7 + EV SSL Won't Stop Phishing

Posted by kdawson on from the pretty-green-phishies dept.

An anonymous reader writes "Stanford University and Microsoft Research have published a study that claims that the new Extended Validation SSL Certificates in IE7 are ineffective (PDF). The study, based on user testing, found that EV certificates don't improve users' ability to detect attacks, that the interface can be spoofed, and that training users actually decreases their ability to detect attacks. The study will be presented at Usable Security 2007 next month, which is a little late now that the new certificates are already being issued."

2 of 84 comments (clear)

  1. Re:This really isn't an IE problem by ePhil_One · · Score: 2, Funny
    The newer certificates attempt to add a more measurable trust metric, but without user education it will be useless.


    Did you even read the summary?

    that training users actually decreases their ability to detect attacks

    With user training they are even more worthless!

    --
    You are in a maze of twisted little posts, all alike.
  2. Re:Protect your information by PitaBred · · Score: 2, Funny

    Mine's "kookaburra". I promise. Where's that chocolate bar?

    --
    My blog. Good stuff (when I remember to update it). Read it.