[TrustBar] Re: [Anti-fraud] user guide with screen shots for TrustBar

Amir Herzberg herzbea at macs.biu.ac.il
Sun Sep 18 09:59:25 EDT 2005 

Ian G wrote:
 > Amir Herzberg wrote:
 >
 >> Hi, as Ian requested - I've put some screen shots of TrustBar in
 >> http://www.cs.biu.ac.il/~herzbea//TrustBar/help.html
 >
 >
 > OK, got it.  Here's a blog entry where I've
 > used some of the others I've found, sort of
 > written for journalists and so forth.
 >
 > https://www.financialcryptography.com/mt/archives/000546.html

Ian, few comments on your entry:

In your screen shot of TrustBar you evidently did _not_ select the name 
PayPal, Inc. yourself... Like, I suspect, many users, you simply used 
the automatically-presented identifier (PayPal, Inc.) which TrustBar 
extracted from PayPal's certificate...

If you _would_ have assigned your own, chosen name to the site, e.g. My 
PP, this will be marked with green background, see enclosed...

And I think to complete the picture, it would be nice to also show the 
screen with a user-chosen logo.

One last comment: at the end, you said:

 > One thing that neither of those tools will do is work without SSL.

That's not quite true for TrustBar; we allow users to assign names/logos 
also for unprotected sites. Without SSL, this by itself does not protect 
users from MITM, but as you often wrote, most attacks, at least so far, 
were by weaker attackers, so this does provide some value.

Furthermore, in our new releases, we are adding some defenses (even 
against MITM) for the important case of unprotected login sites (some 
already available); I'll describe these in separate note.

Best, Amir
p.s. Ok, we'll continue working on OS X + FreeBSD... sorry.
-- 
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s003.gif
Type: image/gif
Size: 28893 bytes
Desc: not available
Url : http://mozdev.org/pipermail/trustbar/attachments/20050918/00234fce/s003-0001.gif

More information about the TrustBar mailing list