[LINK] Airlink
Richard Chirgwin
rchirgwin at ozemail.com.au
Wed May 23 16:46:18 AEST 2012
On 23/05/12 2:27 PM, Paul Brooks wrote:
> On 23/05/2012 2:05 PM, Richard Chirgwin wrote:
>> I don't know, to tell the truth. When I hover over a link, I take a look
>> at the URL in the bottom of the browser. I frequently run Twitter links
>> through Unfurlr in case they're nasties.
>>
>> RC
> Thats fine if you have something that can hover. When the method is to use a mobile
> device to take a photo of a seemingly innocent picture and trust that the resulting
> signature (a) matches what the publisher registered, and (b) leads to the URL the
> publisher wants you to see, without any opportunity to verify the URL first, its
> fraught with danger.
>
> I can see problems in years to come when the database of signatures has filled up a
> bit, with 'image-squatters' registering images with signatures only slightly different
> from the victim image so that if a consumer takes a photo from an off angle or bad
> light they get directed to a completely unintended site.
Paul,
You beat me in pessimism! But I think the basic premise, "invisible and
unparseable links are bad" can stand?
RC
>
>
>> On 23/05/12 9:37 AM, Rick Welykochy wrote:
>>> Richard Chirgwin wrote:
>>>
>>>> I just love the idea of habituating people to an attack vector. "Oh
>>>> look. You can't see the URL or link. But you'll use it anyway."
>>>>
>>>> We'll have the Arlink attack IQ test within a year.
>>> How people would pass a link or ULR test today?
>>>
>>>
>>> cheers
>>> rickw
>>>
>>>
> Paul.
>
More information about the Link
mailing list