[thelist] IE7 Ecommerce problem

BJ bj at kickasswebdesign.com
Wed Oct 4 12:27:42 CDT 2006


IE7 has a phishing filter built in, that users can turn on, and will be 
widely pushed as one of their security features. In fact, according to 
an email I received from Zoe Gillenwater, they're already talking it up, 
at least they did at the conference she attended recently.

There are two problems with it. The first is that it's giving a fair 
amount of false positives. This brands legitimate sites as "phishers". 
The false positives can appear on any page, and are often very deep into 
the ecommerce payment process where most folks who own an ecommerce site 
wouldn't look after initially testing out the cart to see if it works. 
The only way to report the issue is to find the page within the site 
which is being labelled *boldly* as a phishing site, and click the link 
there for site owners to report false positives, which MS seems to be 
handling quickly now, but since IE7 is to be released as a priority 
download through autoupdate it could be very hurtful to a lot of 
business people on the web who aren't aware of this and get nailed at 
the time of the IE7 "bulk" release.

The other problem with it is that there is a link within the IE7 browser 
where anyone can report a "suspicious" site, which seems to have the 
effect of labelling the site in question fairly quickly, and whether the 
MS folks are vetting these reports is questionable at this point. The 
potential for abuse is astronomical. Anyone can report their 
competitors' sites as phishing sites. Even if the issue is caught by the 
legitimate site owner within a few days there may be enough residual 
damage via word of mouth to put a dent in that person's business.

I found out about it through this thread on WebProWorld:
<http://www.webproworld.com/viewtopic.php?t=67905>

If you have a blog, please blog this issue. I've posted it on the 
cubecart forum, if y'all belong to other ecommerce ap forums please pass 
the word. I would also suggest being proactive and notifying clients for 
whom you've designed ecommerce sites about the issue, so they don't 
think it's anything you did, and so they can deal with it before the big 
turd hits the fan. This could get very ugly.

-- 
Ciao for Now,
bj

SAVE THE INTERNET! http://savetheinternet.com

http://kickasswebdesign.com
devblog: http://kickasswebdesign.com/wordpress/
Kickass WebGeek Resources: http://kickasswebdesign.com/webgeekdir/
Refresh Delaware Valley - Web Accessibility Group
http://refreshdelval.org

"I'd put my money on the Sun and solar energy. What a source of power!
I hope we don't have to wait until oil and coal run out before we tackle that."
-Thomas Edison




More information about the thelist mailing list