A Foolproof Way To End Bank Account Phishing?

tcd004 writes "F-Secure's Mikko Hypponen proposes an elegant solution to the problem of bank account phishing in the latest Foreign Policy magazine. Hypponen thinks banks should have exclusive use of a new top-level domain: .bank. 'Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn't be just a few dollars: it could be something like $50,000 — making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time."

dibs!!!!!

[Average_Joe_Sixpack]

sperm.bank

Re:dibs!!!!!

[EmbeddedJanitor]

Dear Sir/Madam I am interested in your services:

How do I make an online deposit?

Are there penalties for early withdrawal?

Re:dibs!!!!!

sperm.bank

Deposits will require both the .bank tld and the .xxx tld

I don't even want to know about withdrawals...

Re:dibs!!!!!

[Penguinshit]

Are there penalties for early withdrawal?

Yes; no linked child accounts... although for some that is desirable.

Foolproof system

[Reason58]

"Foolproof systems do not take into account the ingenuity of fools."

Re:Foolproof system

[treeves]

The quote in my sig was previously:

"There's no system foolproof enough to defeat a sufficiently great fool." -- Edward Teller

Ummmmm...

[TheDarkener]

I just made thedarkener.bank on my own computer, using /etc/hosts. It points to my computer.

I'm gonna go smoke a bowl and see if I can't remember if I spent $50,000 on it or just used basic computer knowledge to bypass the TLD.

Re:Ummmmm...

[Score+Whore]

Now all you've got to do is fake up an email from your bank, send it to yourself. Then when you fall for the trick you'll have your username/account number and passwords. You are truly a l33t hax0r.

Re:Ummmmm...

[roystgnr]

Now all you've got to do is fake up an email from your bank, send it to yourself. Then when you fall for the trick you'll have your username/account number and passwords. You are truly a l33t hax0r.

That, or he'd have to hack into someone else's computer. I know that's impossible today, but a few pessimistic computer scientists suggest that one day Microsoft's crack team of programmers may make a mistake, allowing a malformed file or network connection to initiate the execution of malicious code on an innocent person's computer! Worse yet, some fear that the vigilance of today's sophisticated computer users may itself fail. It's unlikely that anyone would be foolish enough to run an executable file from an untrustworthy source without at least rigorously testing it in a "sandbox" environment, but rumor says that in a few underfunded public schools the computer security classes don't even teach kids how to set up a virtual machine!

I know it will never happen

[Frogbert]

But god would it be good to gouge banks for $50k. It would feel so sweet.

Re:I know it will never happen

[Reason58]

But god would it be good to gouge banks for $50k. It would feel so sweet.

Until you realize it was your own money.

Re:Solution?

[g0dsp33d]

PS Scam artists laugh and respond with a .phish TLD.

Re:We'll see about that.

[seaturnip]

What blatant lack of security signs? The site had pictures of locks all over it!

I have an even easier way!

[csoto]

Keep all your money hidden in your mattress! No phish there!

Re:We'll see about that.

[smegged]

Thanks, now I don't have to bother typing this myself.

Re:We'll see about that.

[JimDaGeek]

Dear "OurBank", I use Mac OSX and Linux, your "ourBank.exe" did not work. Please send me either a .deb file or an .dmg. That should help me a lot.