Thursday, July 31, 2008

An Open Letter to Internet Explorer, Firefox, Netscape, Opera and other browsers

This letter was wriiten by Yurong Lin, CEO of Deepnet Explorer on March 11, 2005
We, the developers of Deepnet Explorer, believe that one of the most important issues is the growing number of internet users falling victim to phishing, identity theft and other online scams. Our mission is to combat this growing threat, by providing a secure web browser, Deepnet Explorer, that protects users from being victim of online fraud. We are writing this letter hoping that together we, and all browsers, can unite by implementing anti-phishing features and standards that will help users defend against phishing scams and online identity theft. Let me explain…
Most commercial web sites rely on a relatively weak form of password authentication: the browser simply sends a user's plaintext password to a remote web server. As you know, this form of password authentication is vulnerable to phishing scams.
In phishing scams, users are typically directed to spoof web sites where they are asked to enter their usernames and passwords. By masquerading as a legitimate site, a phishing site obtains the user's plaintext password for the legitimate site.
This is why we urge you to join us in the fight against phishing by implementing Password Hashing, which provides a simple yet very effective way of defending against phishing scams. Rather than send the user's plaintext password to a web site, browsers that supports password hashing, such as Deepnet Explorer, send the hash of the user's password combined with the domain name of the web site. The hash data is not only cryptographic; it is also specific to the web site itself. In other words, password hash received at the phishing site is not useful at any other site.
Deepnet Explorer has taken the initiative by introducing a new attribute to the INPUT element in HTML form. The new attribute is named “PROTECT”, and it can be applied to the password input as well as any other input that requires protection, such as the credit card number, social security number etc. The result is that any type of input data, not only the password, can be protected. Currently, Deepnet Explorer 1.4 supports two hashing algorithms, MD5 and SHA1. Following is a piece of example code:


We believe that our latest step towards combating phishing is effective, yet simple. We urge all browser developers to implement the same feature in order to put pressure on financial institutions and e-commerce website to follow suit.
Furthermore, we should all implement password hashing to the same standard, ensuring that websites that enable password hashing are compatible with all browsers.
Together we can make a difference.
Thank you for your attention.
Yurong Lin
Computer Support and Technical Support will always be provided by Microsoft certified technicians 24x7 ..Live
More on Deepnet Explorer>>
Deepnet Explorer - SOFTPEDIA "100% FREE" AWARD
Browsing the web with Deepnet Explorer
New Browser Super Charges Internet Explorer
Alternative Browsers Force Microsoft U Turn