[TrustBar] Re: [Anti-fraud] user guide with screen shots for
TrustBar
Ian G
iang at systemics.com
Sun Sep 18 15:23:56 EDT 2005
Amir Herzberg wrote:
> In your screen shot of TrustBar you evidently did _not_ select the name
> PayPal, Inc. yourself... Like, I suspect, many users, you simply used
> the automatically-presented identifier (PayPal, Inc.) which TrustBar
> extracted from PayPal's certificate...
Ha, fixed. I've rewritten some of the text
and put the extra image up there. If I had
graphical genes in my blood I'd spend some
time making the images smaller and more
precise....
https://www.financialcryptography.com/mt/archives/000546.html
> If you _would_ have assigned your own, chosen name to the site, e.g. My
> PP, this will be marked with green background, see enclosed...
> > One thing that neither of those tools will do is work without SSL.
>
> That's not quite true for TrustBar; we allow users to assign names/logos
> also for unprotected sites. Without SSL, this by itself does not protect
> users from MITM, but as you often wrote, most attacks, at least so far,
> were by weaker attackers, so this does provide some value.
Ah! OK. Well, that makes for a more interesting
experiment.
> Furthermore, in our new releases, we are adding some defenses (even
> against MITM) for the important case of unprotected login sites (some
> already available); I'll describe these in separate note.
Looking forward to it. I had a reply to your
login proposal ... but lost it when my machine
crashed. It was obviously important ;)
> p.s. Ok, we'll continue working on OS X + FreeBSD... sorry.
OK! It certainly would make it easier to post
things like the Logos, but as I've never actually
seen them, I have to make things up, journo style ;)
iang
More information about the TrustBar
mailing list