Wednesday, November 22, 2006

My life flashed before me

When I saw this rendering of Google Calendar

I thought it might have been a 'To Do List' GreaseMonkey script I was trying out so I uninstalled that. No change. Cleared cache and cookies. No deal. Using an 'https' URL resolved the issue.

A phish site could intentionally display a seemingly garbled rendering of a page, the only clearly visible information a phone number for 'Having troubles with this page, call this toll-free number 111-222-3333'.

'Uh yes, sir, I'll just need your account details to fix this problem'.

I expect that intentionally garbling the page could actually assuage any ID theft concern the user might have - it being so out of the ordinary that their normal expectations of UI and experience would be ignored. At the very least it would effectively disable any personalization mechanisms the real site might have implemented.

No comments: