Forgot your password?
typodupeerror

Microsoft Sponsors Antiphishing Bakeoff 94

Posted by kdawson
from the here-phishie-phishie dept.
uniquebydegrees writes, "InfoWorld is blogging about the (predictable) results of a Microsoft-sponsored antiphishing technology bakeoff. From the TechWatch blog: 'Microsoft's Phishing Filter (MPF) in IE 7 Beta 3 received the highest "composite score" at 172, followed closely by NetCraft's toolbar with a composite score of 168. But when you dig into the numbers, another story emerges... IE's MPF antiphishing toolbar doesn't top out any of the individual tests that make up the composite score... So how did MPF end up on top?... Microsoft didn't do the best job of spotting phish sites, but it did do the best job of blocking the ones it did spot, and blocking was what garnered the most points... Blocking a phishing Web site earned you twice as many points as just warning about it in this test, but is blocking really twice as effective as just warning users?'"
This discussion has been archived. No new comments can be posted.

Microsoft Sponsors Antiphishing Bakeoff

Comments Filter:
  • by porcupine8 (816071) on Thursday September 28, 2006 @04:36PM (#16236387) Journal
    Just a few months ago, someone "broke into" my sister's PayPal account, and from there her bank account.

    A couple of months after the fact, my mom let slip that not only was this actually because she fell for phishing, but my mom had fallen for the same email - luckily, they didn't get to her bank account. (Mainly b/c when my sister discovered what had happened, my mom ran to cover her ass.)

    I wanted to whack them both upside the head. But trust me, they are far more representative of the average user than you or I.

  • by kers (847541) on Thursday September 28, 2006 @04:58PM (#16236799) Homepage
    I am curious, how did they "get to her bank account"? A lot of my international friends have this scare of people getting to know their bank account number and I can't understand why. Is it really that easy to pull money from an account that *belong to another person*? Over here I need a valid ID or a PIN-secured cryptographic device (that look like a simple pocket calculator) just to move money between my own accounts. Is bank security really that terrible?
  • by G4from128k (686170) on Thursday September 28, 2006 @05:28PM (#16237285)
    GeoTrust TrustWatch caught 99%, but had a 32% false positive rate.

    I'd be interested to know about these false positives. I'd bet that some legitimate sites use designs that are are hard to distinguish from phishing sites. I would argue this is bad.

    Perhaps GeoTrust is right and the false positive sites are wrong.
  • by merreborn (853723) on Thursday September 28, 2006 @05:29PM (#16237307) Journal
    My fiance just started as a teller at a Wells Fargo. She says that people come in with questions exactly like that every single day, along with "I need a cashiers check to send to this nice man in Nigeria", and

    "I just got an email saying I won the Canadian Lottery, and I need a cashiers check for $4,000 to cover the taxes"
    "Did you ever _enter_ the Canadian lottery?"
    "No."
    "I hate to tell you this ma'am, but it's a scam."

    Every god damn day.

White dwarf seeks red giant for binary relationship.

Working...