From brianellin at gmail.com Mon Feb 27 13:57:39 2006
From: brianellin at gmail.com (Brian Ellin)
Date: Mon Feb 27 16:58:12 2006
Subject: [Petname] Negative pattern for petnames
Message-ID: <9674d5350602271357o473a267dv83c1f79739c236ec@mail.gmail.com>

Hello,

I discovered the Petname Tool when thinking about ways to prevent phishing of our users' passwords from an OpenID server we run at work. I was thinking about a specialized plugin for analyzing a page's content and matching it against a set of URLs and patterns, and then visually presenting the user with a report. The report would be red, green, or white to describe the current phishing risk level of the current site.

A friend pointed me to petnames and Petname Tool. A much better (and more general) solution to the system I came up with earlier! I've been using it for a while, and it is extremely useful!

I do think it suffers slightly from the user's "zoning out" and not paying attention to the petname bar. For example, I try to log into PayPal via a link I've followed, and it just remains white and says untrusted. There is no change in state that catches my eye, so I don't notice that something is up.

It would be wonderful if Petname Tool could associate patterns or keywords with a given petname, such that a warning could be displayed if the site is untrusted. For example, a pattern for my "small payments" paypal.com petname would be a site that has a form and mentions "paypal" and "login". If this "pattern" was found on a page, and the current certificate does not match the cert for my petname, a warning would be displayed in red in the petname box. This would catch my eye, and alert me to potential phishiness.

Has a technique such as this been discussed on this list? Patterns for well-known sites could be developed and shared.

Thoughts?

Thanks for the great extension,

Brian Ellin
JanRain, Inc.
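
The check proposed in the message above, sketched as an added example; it is not part of the original post and is not Petname Tool's code. The entry layout, the function names `patternMatches` and `assessPage`, the fingerprints and the sample pages are all assumptions constructed for illustration.

```javascript
// Hypothetical petname store: the user's name for a site, the certificate
// fingerprint recorded for it (placeholder value), and the "negative
// pattern" that should only appear on the site holding that certificate.
const petnames = [
  {
    petname: "small payments",
    certFingerprint: "AA:AA:AA:AA",
    pattern: { requiresForm: true, keywords: ["paypal", "login"] },
  },
];

// Drop scripts, styles and tags so keywords are matched on visible text only.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1\s*>/gi, " ")
    .replace(/<[^>]*>/g, " ")
    .toLowerCase();
}

// True when the page has a form (if required) and mentions every keyword.
function patternMatches(pattern, html) {
  if (pattern.requiresForm && !/<form\b/i.test(html)) return false;
  const text = visibleText(html);
  return pattern.keywords.every((k) => text.includes(k.toLowerCase()));
}

// Returns { state, petname }:
//   "trusted"   - certificate matches a stored petname
//   "warning"   - page matches a petname's pattern but the cert does not
//   "untrusted" - no petname and no pattern hit (the existing white state)
function assessPage(html, certFingerprint, entries = petnames) {
  const known = entries.find((e) => e.certFingerprint === certFingerprint);
  if (known) return { state: "trusted", petname: known.petname };
  const lookalike = entries.find((e) => patternMatches(e.pattern, html));
  if (lookalike) return { state: "warning", petname: lookalike.petname };
  return { state: "untrusted", petname: null };
}

// Constructed sample pages.
const loginPage = '<html><body><h1>PayPal</h1><form action="/s">' +
  '<input name="u"><button>Login</button></form></body></html>';
const blogPage = "<html><body><p>I paid with PayPal after login.</p></body></html>";

console.log(assessPage(loginPage, "AA:AA:AA:AA")); // recorded certificate
console.log(assessPage(loginPage, "BB:BB:BB:BB")); // same content, other cert
console.log(assessPage(blogPage, "CC:CC:CC:CC"));  // keywords but no form
```

The certificate comparison runs first, so a pattern hit can only raise a warning on a site whose certificate matches no stored petname; the "untrusted" result still means only that nothing was recognized, not that the page is safe.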