All, it is true that many problems in the Phishing area would be eliminated by using e.g. S/MIME or other trusted signature mechanisms. That is only provided customers and the casual internet user know how to work with it. I strongly doubt that much will change for at least the next 5 to 7 years. The knowledge of the users has to change; and that - unfortunately - is a slow and winding path. Just imagine your grandmother trying to verify S/MIME or PGP. Have fun. Thursday, September 23, 2004, 4:57:03 PM, you wrote: AM> Gunter Ollmann (NGS) wrote: AM> [snip] >> While the Phishers >> develop evermore sophisticated attack vectors, businesses flounder to >> protect their customers' personal data and look to external experts for >> improving email security. Customers too have become wary of "official" >> email, and organisations struggle to install confidence in their >> communications. AM> Sometimes it's unbelivable how long it takes organizations to discover AM> that email can be signed. Especially nowdays when all major mail AM> readers have support for at least S/MIME (and the really good ones have AM> support for at least PGP ;-) ). -- Regards Karsten
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature