[thelist] IE7 Ecommerce problem

Donna Jones donnajjones at gwi.net
Wed Oct 4 22:57:33 CDT 2006 

Hi BJ, is it okay to quote your e-mail on another list.  Specifically 
I's thinking of the list that comes from this website: 
http://www.wise-women.org/   I never know whether to "quote or not" and 
started to write it in my own words but you've done it so much better 
than I would.

Its very important and very aggravating stuff, eh!

Thanks very much for the heads up.

best
Donna Jones

BJ wrote:
> IE7 has a phishing filter built in, that users can turn on, and will be 
> widely pushed as one of their security features. In fact, according to 
> an email I received from Zoe Gillenwater, they're already talking it up, 
> at least they did at the conference she attended recently.
> 
> There are two problems with it. The first is that it's giving a fair 
> amount of false positives. This brands legitimate sites as "phishers". 
> The false positives can appear on any page, and are often very deep into 
> the ecommerce payment process where most folks who own an ecommerce site 
> wouldn't look after initially testing out the cart to see if it works. 
> The only way to report the issue is to find the page within the site 
> which is being labelled *boldly* as a phishing site, and click the link 
> there for site owners to report false positives, which MS seems to be 
> handling quickly now, but since IE7 is to be released as a priority 
> download through autoupdate it could be very hurtful to a lot of 
> business people on the web who aren't aware of this and get nailed at 
> the time of the IE7 "bulk" release.
> 
> The other problem with it is that there is a link within the IE7 browser 
> where anyone can report a "suspicious" site, which seems to have the 
> effect of labelling the site in question fairly quickly, and whether the 
> MS folks are vetting these reports is questionable at this point. The 
> potential for abuse is astronomical. Anyone can report their 
> competitors' sites as phishing sites. Even if the issue is caught by the 
> legitimate site owner within a few days there may be enough residual 
> damage via word of mouth to put a dent in that person's business.
> 
> I found out about it through this thread on WebProWorld:
> <http://www.webproworld.com/viewtopic.php?t=67905>
> 
> If you have a blog, please blog this issue. I've posted it on the 
> cubecart forum, if y'all belong to other ecommerce ap forums please pass 
> the word. I would also suggest being proactive and notifying clients for 
> whom you've designed ecommerce sites about the issue, so they don't 
> think it's anything you did, and so they can deal with it before the big 
> turd hits the fan. This could get very ugly.
> 

-- 
Donna Jones
Portland, Maine
207 772 0266
http://www.westendwebs.com/

More information about the thelist mailing list