11 votes

The Google Chrome team is developing tools, heuristics and warnings to help protect against deceptive URLs

4 comments

  1. [3]
    Wes
    Link
    The title doesn't seem accurate to the article's contents at all. They're proposing a heuristic to detect phishing URLs that are imitating real ones.

    Our goal is to develop a set of heuristics that pushes attackers away from extremely misleading URLs, and a key challenge is to avoid flagging legitimate domains as suspicious. This is why we're launching this warning slowly, as an experiment.

    9 votes
    1. [2]
      Deimos
      Link Parent
      Agreed, very weird title. I edited it to one that I think summarizes the article a little better, hopefully that's okay with you, @alyaza.

      Reading a little more about the project, Emily Stark (who they interviewed) had a talk at USENIX about it, and the description includes:

      In this talk, I’ll discuss the URLephant in the room: the fact that the web security model rests on users noticing and understanding URLs as indicators of website identities, but they don’t actually work very well for that purpose. I’ll discuss how the Chrome usable security team measures whether an indicator of website identity is working, and when the security community should consider breaking some rules of usable security in search of better solutions. Finally, I’ll share some thoughts on the big question: is it time to give up entirely on URLs as a user-facing security mechanism?

      I feel like she probably said something along those lines, like, "we'd like to find a way to stop using URLs as the way that users confirm that they're on the website they think they are", and the article's author somehow twisted that into, "they'd like to get rid of URLs entirely".

      11 votes
      1. alyaza
        Link Parent
        Agreed, very weird title. I edited it to one that I think summarizes the article a little better, hopefully that's okay with you, @alyaza.

        this sort of thing is well out of my wheelhouse so yeah, the title change is fine

        2 votes