02:53 PM

Browser Makers Band Together Against Phishers

Developers speaking for Internet Explorer, Firefox, Opera, and Konqueror recently met in Toronto to discuss how their browsers could better identify trusted and suspicious Web sites.

Representatives from the most prominent browser makers -- including Microsoft and Mozilla -- recently gathered to discuss ways to make it clearer to users which Web sites are safe and which are fake.

Developers speaking for Internet Explorer, Firefox, Opera, and Konqueror met in Toronto last week to hash over ideas on how their browsers could better identify trusted and suspicious Web sites. Additionally, they talked about changes to browser pop-ups that would make it more difficult for scammers to spoof sites or trick users into divulging personal information such as bank or credit card account numbers and passwords.

"This should go a long way toward addressing phishing attack issues," said George Staikos, a developer for the open-source Linux/Unix KDE graphical environment, and the host of the browser meeting in his Toronto office.

Rob Franco, lead program manager for IE's security group, represented Microsoft, and explained his team's take in a blog entry on the official IE site.

"If the browsers and the Certification Authority industry can generate better guidelines to identify sites, we want to take the experience in the address bar a step further to help create a positive experience for rigorously-identified HTTPS sites," Franco wrote.

The basic plan would be for all browsers to tint the address bar green when users visit major-brand sites with a "highly-assured" digital certificate. Suspicious sites that might be sources of phishing scams would be indicated by a red address bar. A padlock icon would be also be set in the address bar, where it's more visible, when users are at an SSL-secured page.

"We want to show the users a special display to indicate they're in fact at a reputable site, as opposed to one which is only masquerading as one, said Staikos.

The move couldn't come too soon, as phishers have already used self-signed certificates to fool users into trusting fraudulent sites.

Additionally, the plan would put an address bar in every browser window, even those popped up or under as forms, to defeat fraudsters' camouflaging tricks.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.