URL Reading

This is the second post about Cormac Herley’s paper called “So Long And No Thanks For The Externalities”, which highlights the cost to users of security advice.

He focusses on 3 areas of advice-giving: Password Rules, URL Reading (to avoid phishing) and Certificate Errors. This blogpost is about URL Reading.

His point is that teaching users to read URLs for protection from phishing is a lost cause. And I think he’s probably right. There is no way we can provide simple, reliable advice in this area – URL syntax is complex enough that anything simple isn’t reliable, and what’s reliable isn’t simple. We need a way to securely replace URLs with a human-readable, unambiguous, verifiable, site or business identifier. And that’s exactly what EV certificates are.
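To make "anything simple isn't reliable" concrete, here is an added example (not from the paper or the original post) that runs two simple URL-reading rules against what a URL parser reports as the host. The site name `bank.example`, the sample URLs and the function names are all constructed for illustration.

```javascript
// Added illustration; site name and URLs are constructed (reserved .example/.test names).
const SITE = "bank.example";

const SAMPLES = [
  "https://bank.example/login",
  "https://www.bank.example/login",
  "https://bank.example.evil.test/login",          // site name is only a subdomain label
  "https://bank.example@evil.test/login",          // site name sits in the userinfo part
  "https://evil.test/bank.example/login",          // site name sits in the path
  "https://evil.test/?next=https://bank.example/", // site name sits in the query
];

// Simple rule 1: "the address mentions the site's name".
function ruleContains(url, site) {
  return url.includes(site);
}

// Simple rule 2: "the site's name comes right after https://".
function ruleStartsWith(url, site) {
  return url.replace(/^https:\/\//, "").startsWith(site);
}

// What a URL parser reports: the host the browser will actually connect to.
function hostMatches(url, site) {
  const host = new URL(url).hostname;
  return host === site || host.endsWith("." + site);
}

// URLs a simple rule accepts although the parsed host is not the site.
function falseAccepts(rule, site = SITE) {
  return SAMPLES.filter((u) => rule(u, site) && !hostMatches(u, site));
}

// One row per sample: parsed host next to each rule's verdict.
function report() {
  return SAMPLES.map((u) => ({
    url: u,
    host: new URL(u).hostname,
    contains: ruleContains(u, SITE),
    startsWith: ruleStartsWith(u, SITE),
    parsed: hostMatches(u, SITE),
  }));
}

console.table(report());
```

The second rule also rejects the genuine `www.bank.example` address, so the simple rules are wrong in both directions.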

So stay tuned for tomorrow’s installment on Certificate Errors, where he has something to say about those :-)

One thought on “URL Reading”

  1. I just like the valuable info you provide to your articles.
    I will bookmark your blog and test once more right
    here regularly. I am relatively sure I will learn a lot of new stuff proper right here!
    Good luck for the next!
