This browser extension could save you from the Syrian Electronic Army
In the wake of successful attacks by the Syrian Electronic Army of high-profile media properties like the New York Times, NPR and the Guardian, researchers at the Information Security Group at Royal Holloway, University of London have created a prototype software architecture designed to take the human element out of phishing attacks.
IDSpace is a browser extension that provides “a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies.”
IDSpace acts as a sort of password manager, but it pops up to ask if you’d like it to fill in login/password details from its system only if the site you navigate to is legit.
That would have come in handy for the news organizations the SEA has hacked, all of which fell victim to clicking on emailed links and entering passwords on a fake Google login screen.
As Quartz’s Leo Mirani noted, Microsoft introduced a similar tool in 2006, which it discontinued in 2011. So why reintroduce a similar concept? According to codeveloper Chris Mitchell, phishing has become almost epidemic, the number of websites demanding registration has grown, and registering using another site’s login, like Facebook or Twitter, is common.
Mitchell and codeveloper Haitham Al Sinani are currently building the prototype from the architecture they outlined in their paper, “which (they) plan to make available for public scrutiny and testing.”
But online security requires one fundamental discipline, which cannot be automated: Discipline. If you use a tool like IDSpace and maintain the rigor of basing login-sharing on its counsel, fine and well. But if that one phishing email comes in that seems just convincing enough and you fall for it, you might as well never have downloaded the password manager at all.
Mitchell and Al Sinani have created their extension with a focus on retaining the habits of existing online behavior, instead of demanding that users learn new behaviors, which could risk mistakes.
IDSpace can, and probably will, help. But without that discipline, it might as well be a GIF.
Texans are adopting dogs in droves to rescue them from flooded animal shelters
Now this is Southern hospitality.75k
This photo of an Army widow at her husband's grave reminds us what Memorial Day is all about
Laureen Lopez-Berry's husband Richard was killed by a car bomb in Afghanistan in 2012.39k
How to play every classic video game on your phone
The best '80s and '90s consoles in the palm of your hand.21k
This 'Bob's Burgers' writer will hate-watch 'Entourage' for charity
She's trying to raise a total of $10,000 for CureSearch.
Tiny bear cubs have the world's cutest wrestling match
Can. Not. Handle. This.8