On Jun 28, 2004, at 1:56 PM, Stephen J. Wilcox wrote:
Personally - bad.
Another personal response (edited from my response to the LINX paper): Fighting "phishing" web sites is a necessary and important task. Of course, part of why it is necessary is because end users are ignorant, untrained, and/or gullible. But the fact remains that phishing is a burden on society and the Internet. Unfortunately, I worry that this cure is worse than the disease. Filtering IP addresses are not the right way to attack these sites - the move too quickly and there is too much danger of collateral damage. Perhaps even more dangerous is the need for verification. For the list to be at all effective, it has to move very, very quickly, as the phishing sites move very quick. Creating an environment where the list is updated quickly increases the chance of mistakes or even malicious filtering. In short, I cannot see a BGP list actually cutting down on phishing without massive collateral damage. Reducing the collateral damage will likely make the list ineffective against phishing sites. The combination makes this a no-win situation. All, IMHO, of course. :) -- TTFN, patrick