Aleksandar Milivojevic wrote:
> Gunter Ollmann (NGS) wrote:
>
>> While the Phishers develop evermore sophisticated attack vectors [...]
>> Customers too have become wary of "official" email, and organisations
>> struggle to install confidence in their communications.
>
> Sometimes it's unbelievable how long it takes organizations to discover
> that email can be signed. Especially nowadays when all major mail
> readers have support for at least S/MIME

How does that help in practice? A user fooled by a link to ebay-support.com is just as likely to accept signed mail from foo@xxxxxxxxxxxxxxxxx

Not to mention that the potential profits from phishing could easily finance the purchase of a forged cert if someone at one of the built-in CAs was corruptible. Given the several that are based in 3rd world companies (not to mention recent US corporate scandals) I have no confidence that won't eventually happen.

-Dan Veditz