But so could a little discipline about which links you click.

In the wake of successful attacks by the Syrian Electronic Army on high-profile media properties like the New York Times, NPR and the Guardian, researchers at the Information Security Group at Royal Holloway, University of London have created a prototype software architecture designed to take the human element out of phishing attacks.

IDSpace is a browser extension that provides “a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies.”

IDSpace acts as a sort of password manager, but it pops up to ask if you’d like it to fill in login/password details from its system only if the site you navigate to is legit. 

That would have come in handy for the news organizations the SEA has hacked, all of which fell victim to clicking on emailed links and entering passwords on a fake Google login screen. 
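To make the idea concrete, here is a sketch of the kind of check a credential-filling extension can run before it offers a saved login. It is an added example, not IDSpace's code or the researchers' method: the vault contents, the function name and the sample URLs are constructed, and treating "legit" as an exact match on the HTTPS origin where the login was saved is an assumption.

```javascript
// Constructed vault: saved logins keyed by the exact origin they were saved on.
const VAULT = new Map([
  ["https://accounts.google.com", { username: "editor@example.org" }],
]);

// Hypothetical helper: decide whether to offer autofill for the current page.
// Returns { offer, origin, reason } so the UI can explain a refusal.
function shouldOfferFill(pageUrl, vault = VAULT) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { offer: false, origin: null, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { offer: false, origin: url.origin, reason: "not HTTPS" };
  }
  // url.origin is scheme + host + port as the browser resolves them, so
  // text in the userinfo or path that merely looks like the real host
  // has no effect on the comparison.
  if (!vault.has(url.origin)) {
    return { offer: false, origin: url.origin, reason: "no login saved for this origin" };
  }
  return { offer: true, origin: url.origin, reason: "exact origin match" };
}

// Constructed sample URLs: the real login page plus look-alikes on the
// reserved .example domain.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/",
  "https://login.example/accounts.google.com/",
  "http://accounts.google.com/ServiceLogin",
];

for (const sample of SAMPLES) {
  const r = shouldOfferFill(sample);
  console.log(`${r.offer ? "FILL  " : "REFUSE"} ${sample} (${r.reason})`);
}
```

Only the first URL gets an offer to fill. A person reading the address bar can be fooled by the others, but a string comparison on the parsed origin cannot.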

As Quartz’s Leo Mirani noted, Microsoft introduced a similar tool in 2006, which it discontinued in 2011. So why reintroduce a similar concept? According to codeveloper Chris Mitchell, phishing has become almost epidemic, the number of websites demanding registration has grown, and registering using another site’s login, like Facebook or Twitter, is common.

Mitchell and codeveloper Haitham Al Sinani are currently building the prototype from the architecture they outlined in their paper, “which (they) plan to make available for public scrutiny and testing.”

But online security requires one fundamental discipline, which cannot be automated: Discipline. If you use a tool like IDSpace and maintain the rigor of basing login-sharing on its counsel, fine and well. But if that one phishing email comes in that seems just convincing enough and you fall for it, you might as well never have downloaded the password manager at all.

Mitchell and Al Sinani have created their extension with a focus on retaining the habits of existing online behavior, instead of demanding that users learn new behaviors, which could risk mistakes. 

IDSpace can, and probably will, help. But without that discipline, it might as well be a GIF.  

H/T Quartz | Photo by denieseclariz/Flickr
