.Banks May Help Curb illegal domains, Says chief research officer of F-secure

F-secure, a security company has responded to the criticism that it faced regarding the suggestion to set up a .bank Top Level Domain (TLD) to perk up the security of web financial services.

The chief research officer of F-secure, Mikko Hypponnen originally remarked on the existing phishing and online fraud trends. He further added that space over the Internet was quite cheaper these days, and in many cases, one could purchase it for as low as US$5. These websites could in turn be used for illegal purposes later on. In his earlier statement given to TECHWORLD on May 9, 2007, he had said that The Internet Corporation for Assigned Names and Numbers - a body that creates top-level domains, must establish domains such as '.banks' to control the set up of illegal domains to prevent cyber crimes as far as possible.

On this decision, Hypponen had to face criticism from the people, as they felt that '.bank' would do zilch efforts to stop DNS cache poisoning. DNS cache poisoning involves the entry into the domain name servers to hack the numeric code of legal companies, and then the replacement of these codes with the codes of unlawful companies. They further criticized that an average user was not much aware of the potentially malicious URL and therefore might fail to recognize it and end up getting his e-mail id hacked. On the other hand, the professional criminals would continue to buy the domain and small banks would fail to do so due to lack of funds.

Answering all these criticisms, Hypponen wrote in his blog that was published on Saturday, May 19,2007 that the proposal he had put forward was not an infallible means of defence. He further wrote, a .bank TLD was not a fool proof solution against DNS poisoning and phishers, that create false and deceptive domains, according to Zdnet Asia on May 22,2007.

While expressing his opinion on Hypponen's idea, eWeek's Larry Seltzer said that the main problem with users was that they tend to look at the URL in a casual manner and therefore at times, end up getting foxed by fake domains, as per the report m&c, on May 21 2007.

Hypponen said that by creating the .bank domain name browsers could maintain a whitelist, which would in turn lesser the hazards faced due to the ignorance of users. He said that through this, organized criminals sites would be caught easily even if they succeeded in proving themselves as banks and said that their main target was not small banks but big players.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 6/4/2007