from the punching-a-hole-in-the-web-of-trust dept.
SkiifGeek writes "When the team at Sunbelt Software picked up on a sneaky hack present on the Bank of India website, it became a unique opportunity to see how anti-phishing and website trust verification tools were handling a legitimate site that had been attacked. Unfortunately, not one of the sites or tools identified that the Bank of India website was compromised and serving malware to all visitors The refresh time on a trust-brokering site is too long to be useful when a surf-by attack on a trusted site can take place in a matter of seconds, with a lifetime of hours, and with a victim base of thousands or greater."
Top Ten Things Overheard At The ANSI C Draft Committee Meetings:
(7) Well, it's an excellent idea, but it would make the compilers too
hard to write.