What’s Safe?

Another example of why you can’t really trust software to tell you whether a website is dangerous or not. The Register reports that a Trusted search software labels fraud site as ‘safe’:  

Digital certificate firm GeoTrust’s launch of a search engine with built in trust features this week has been marred by the classification of a phishing site as genuine. Powered by Ask Jeeves, GeoTrust TrustWatch search aims to protect users against fraudulent behaviour and phishing attacks by giving web sites a verification rating. It’s a laudable aim, but the classification of a recently created phishing site as “verified as safe” raises serious doubts about the effectiveness of the technology. Such incorrect classifications create a false sense of security that can only play into the hands of would-be fraudsters.

As I’ve explained elsewhere, it’s more dangerous to offer a service that claims to warn you about phishing–related and other dodgy websites if you can’t guarantee 100% success, as it merely lulls a user into a false sense of security. Another reason why these things won’t work is the false positive, which EarthLink found to its (temporary) cost.

28. September 2005 by jeremy
Categories: Phishing, Security | Tags: , , , , , , , , , | Comments Off on What’s Safe?