|
For more information, press only
|
bet | 12/14 | Sana | 20.09.2020 | Hajmi | 2,03 Mb. | | #11499 |
Most users are unaware of how much personal, traceable data is transmitted with every click of the mouse while they are browsing the Web. The extent of this information continues to grow as browser developers and Web site operators evolve their technologies to enable more powerful and convenient user features. Similarly, most online users are likely to have trouble discerning a valid Web site from a bogus copy.
The extent to which convenience and discount pricing are available online gives users an attractive reason to click and buy. The Internet enables any large or small business to easily create an online storefront for selling goods, enabling the business to reach a consumer audience well beyond traditional physical and geographic boundaries. Search engine marketing efforts allow these Web sites to establish instant consumer credibility and reach millions of users through some of the largest search engines or portal Web sites. The combination of these factors creates situations in which consumers are dealing with distant businesses and left with fewer concrete mechanisms to differentiate legitimate businesses from those seeking to collect their information for improper gain. Another challenge facing users is the ability for malicious Web site operators to abuse the same search listing services to attract unsuspecting consumers to knockoff Web sites designed to mimic the appearance and function of well-known and trusted businesses.
A technique used by many malicious Web site operators to gather personal information is known as phishing — masquerading online as a legitimate person or business for the purpose of acquiring sensitive information. Such fake Web sites designed to look like the legitimate sites are referred to as spoofed sites. Over the past year, phishing attacks have been reported in record numbers, and identity theft is emerging as a major threat to personal financial security. In the past two years, the number of confirmed phishing sites has grown twenty-fold — from 580 to more than 11,000 (source: Anti-Phishing Working Group, April 2006 report).
Unlike direct attacks where hackers break into a system to obtain account information, a phishing attack does not require technical sophistication but instead relies on users willingly divulging information such as financial account passwords or Social Security numbers. These socially engineered attacks are among the most difficult to defend because they require user education and understanding rather than merely issuing an update for an application. Even experienced professionals can be fooled by the quality and details of some phishing Web sites as hackers become more experienced and learn to react more quickly to avoid detection.
Internet Explorer 7 offers a range of enhancements and solutions to better protect against malicious Web site operators and help prevent users from becoming victims of confusing URLs. The new Security Status Bar, located next to the Address Bar, is designed to help users quickly differentiate authentic Web sites from suspicious or malicious ones. In addition, Internet Explorer provides a simple file cleanup utility.
Certificates also play an essential role for users in validating e-commerce Web sites and helping to thwart phishing scams. The Security Status Bar in Internet Explorer 7 enhances access to certificate information by placing it more prominently in front of users and providing single-click access to the certificate.
Over the past few years, Web browser users have been introduced to the concept of encrypted communications and secure sockets layer (SSL) technologies to better protect their information from being obtained by third parties. Although many users have become quite familiar with SSL and its associated security benefits, a large proportion of Internet users remain overly trusting that any Web site asking for their confidential information must be protected. With the explosion of small- and home-based business Web sites selling goods that span the pricing spectrum, users are even more likely to encounter unknown entities asking for their financial information. The combination of these factors creates a situation ripe for abuse. Internet Explorer 7 addresses this issue by providing users with clear, prominent, color-coded visual cues to the safety and trustworthiness of a Web site. With the assistance of Internet Explorer 7 to help identify legitimate Web sites, users can more confidently browse and shop anywhere on the Internet.
Previous versions of Internet Explorer placed a gold padlock icon in the lower-right corner of the browser window to designate the trust and security level of the connected Web site. Given the importance and inherent trust value associated with the gold padlock, the new Security Status Bar places it more prominently in users’ line of sight. Users can now view the certificate information with a single click on the padlock icon. The Security Status Bar also supports information about Extended Validation certificates for those sites meeting guidelines for better entity identity validation. Users can benefit from support for Extended Validation certificates by having instant visual access to the increased validation of authenticity for a given Web site. To provide users with another visual cue designed to help them recognize questionable Web sites, the padlock now appears on a red background if Internet Explorer 7 detects any irregularities in the site’s certificate information. By contrast, trusted Web sites will clearly display the name of the certificate owner and a gold background to indicate that users can provide confidential data.
|
| |