[LINK] Airlink

Paul Brooks pbrooks-link at layer10.com.au
Wed May 23 14:27:25 AEST 2012


On 23/05/2012 2:05 PM, Richard Chirgwin wrote:
> I don't know, to tell the truth. When I hover over a link, I take a look 
> at the URL in the bottom of the browser. I frequently run Twitter links 
> through Unfurlr in case they're nasties.
>
> RC

That's fine if you have something that can hover. When the method is to use a mobile
device to take a photo of a seemingly innocent picture and trust that the resulting
signature (a) matches what the publisher registered, and (b) leads to the URL the
publisher wants you to see, without any opportunity to verify the URL first, it's
fraught with danger.

I can see problems in years to come when the database of signatures has filled up a
bit, with 'image-squatters' registering images with signatures only slightly different
from the victim image so that if a consumer takes a photo from an off angle or bad
light they get directed to a completely unintended site.


>
> On 23/05/12 9:37 AM, Rick Welykochy wrote:
>> Richard Chirgwin wrote:
>>
>>> I just love the idea of habituating people to an attack vector. "Oh
>>> look. You can't see the URL or link. But you'll use it anyway."
>>>
>>> We'll have the Airlink attack IQ test within a year.
>> How people would pass a link or URL test today?
>>
>>
>> cheers
>> rickw
>>
>>
>
Paul.


