Pharewell to Phishing: Secure Direction and Redirection Over the Web
Source: University of Texas
The conventional wisdom has always been that users should refrain from entering their sensitive data (such as usernames, passwords, and credit card numbers) into http(or white) pages, but they can enter these data into https (or yellow) pages. Unfortunately, this assumption is not valid as it became clear recently that, through human mistakes or Phishing or Pharming attacks, a displayed yellow page may not be the same one that the user has intended to request in the first place. This paper proposes to add a third class of secure web pages called brown pages. It shows that brown pages are more secure than yellow pages especially in face of human mistakes and Phishing and Pharming attacks.