On Sat, 3 Sep 2005, Hannigan, Martin wrote:

...

this is NOT a good solution, since a successful phish attack in this case would look exactly like the official red cross web site.

How's that one work?

One form of DirectNIC's redirection, which the phisher was supposedly using (I didn't check myself), uses a <FRAMESET> to hide the redirect inside a frame, thereby not showing the real address in the browser without deeper inspection. Another form of their redirection service is simple 30x HTTP code redirection, which they could have used for the "Red Cross remedy". Personally, I'd prefer registrar lock myself, as that keeps the distinction between scam and non-scam clear. (USRC's own scam-like tactics used when disasters have abated notwithstanding.) -- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>