Monday, April 16, 2007

Trustworthy Computing Resources: the internet battlefield

On the page of the Trustworthy Computing Resources there is a scary article on the Internet battlefield. Containing a nice and complex graphic with all kinds of attacks. With the conclusion that:
it’s clear from the diagram that there is no silver bullet that will address all issues. The threats (spoofing, pharming, phishing, DNS-hijacking etc) are continuously evolving and blended together by the Bad Guys to form new attacks.

These issues call for a strategy which makes it easier for users to assess whether they are on the correct site (i.e. stronger mutual authentication) and moves away from using shared secrets to authenticate (e.g. username and password).