[thelist] IE7 Ecommerce problem

Ken Schaefer ken.schaefer at gmail.com
Thu Oct 5 00:52:46 CDT 2006


All requests to be added or taken off the phishing lists are vetted -
it is not an automatic process.

What exactly is "a fair amount" in empirical terms? It's a bit vague.
>From what I understand, most of the major studies comparing filters
seem to put IE at the better end of the spectrum (i.e. fewer false
positives, more positive identifications).

And lastly, what does IE do that other phishing filters do not? Why is
the IE phishing filter any worse than any of the other filters already
out there for quite some time?



On 10/5/06, BJ <bj at kickasswebdesign.com> wrote:
> IE7 has a phishing filter built in, that users can turn on, and will be
> widely pushed as one of their security features. In fact, according to
> an email I received from Zoe Gillenwater, they're already talking it up,
> at least they did at the conference she attended recently.
> There are two problems with it. The first is that it's giving a fair
> amount of false positives. This brands legitimate sites as "phishers".
> The false positives can appear on any page, and are often very deep into
> the ecommerce payment process where most folks who own an ecommerce site
> wouldn't look after initially testing out the cart to see if it works.
> The only way to report the issue is to find the page within the site
> which is being labelled *boldly* as a phishing site, and click the link
> there for site owners to report false positives, which MS seems to be
> handling quickly now, but since IE7 is to be released as a priority
> download through autoupdate it could be very hurtful to a lot of
> business people on the web who aren't aware of this and get nailed at
> the time of the IE7 "bulk" release.
> The other problem with it is that there is a link within the IE7 browser
> where anyone can report a "suspicious" site, which seems to have the
> effect of labelling the site in question fairly quickly, and whether the
> MS folks are vetting these reports is questionable at this point. The
> potential for abuse is astronomical. Anyone can report their
> competitors' sites as phishing sites. Even if the issue is caught by the
> legitimate site owner within a few days there may be enough residual
> damage via word of mouth to put a dent in that person's business.
> I found out about it through this thread on WebProWorld:
> <http://www.webproworld.com/viewtopic.php?t=67905>
> If you have a blog, please blog this issue. I've posted it on the
> cubecart forum, if y'all belong to other ecommerce ap forums please pass
> the word. I would also suggest being proactive and notifying clients for
> whom you've designed ecommerce sites about the issue, so they don't
> think it's anything you did, and so they can deal with it before the big
> turd hits the fan. This could get very ugly.
> --
> Ciao for Now,
> bj
> SAVE THE INTERNET! http://savetheinternet.com
> http://kickasswebdesign.com
> devblog: http://kickasswebdesign.com/wordpress/
> Kickass WebGeek Resources: http://kickasswebdesign.com/webgeekdir/
> Refresh Delaware Valley - Web Accessibility Group
> http://refreshdelval.org
> "I'd put my money on the Sun and solar energy. What a source of power!
> I hope we don't have to wait until oil and coal run out before we tackle that."
> -Thomas Edison
> --
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !

More information about the thelist mailing list