Slashdot Mirror


User: marwaanr

marwaanr's activity in the archive.

Stories: 0
Comments: 3

Comments · 3

  1. Re:I'm in the bank business on IE Devs Criticize Bank Security Vulnerabilities · · Score: 1

    Hey JustAnotherReader, I wonder if your major bank is one of the ones that uses Extended Validation SSL - or is considering that option. If a site visitor has an EV compatible browser like IE7, it shows the name of the bank you're connecting with in the interface, along with the green address bar that lots of people are talking about. That means I can definitively identify that I'm connected to the real deal before I put in any information I don't want to share with the entire world. My own bank, ING, has these green bars now, and I've seen it on other sites including banks and major e-commerce sites like eBay and PayPal. I'm pretty happy to see it when I log in. I feel like the bank has given me another tool to make sure I don't get fooled by a clever phisher. -Marwaan

  2. Look for green address bars on IE Devs Criticize Bank Security Vulnerabilities · · Score: 1

    Some banks have addressed this problem by employing Extended Validation SSL. That's the new kind of SSL that causes the address bar to turn green in IE7. I understand other browsers are on the way, including Firefox 3. Not only does IE show the green address bar, but it also lists the name of the organization. So for example, if you go to ING Direct in the UK (ingdirect.co.uk) and go to the login page, it says "ING DIRECT" right in the browser's chrome. I've seen this on other banks like Fifth Third as well as a bunch of e-commerce sites like eBay and Travelocity. From what I've read the name of the organization is authenticated, meaning it would be very hard for a phisher to get a cert with this bank name on it. If every bank got green bars and everybody got an EV compatible browser (with Firefox on the way it's not such a crazy thought), then the basic "your-account-is-frozen" phish that is so prevalent today would be rendered largely ineffective.

  3. 9 test subjects is not nearly enough on Study Finds IE7 + EV SSL Won't Stop Phishing · · Score: 1

    Despite what the abstract says, this "research" doesn't really have a sample size of 27 subjects. It's 3 tests of 9 subjects each. That's not much of a sample size. If you look at Figure 4 you'll see that the potential variance on these results is considerably more than the differences we're supposed to be noticing. For example, for the Control group on the "Real, confusing" test, the chart indicates that the actual result is 95% likely to be somewhere between 5% and 75%. Thanks guys. That's helpful. In other words, you can't conclude anything based on this number of data points.