Yahoo adds seal to stop phishing sites

http://www.cbc.ca/technology/story/2006/08/23/yahoo-seal.htm l




Yahoo adds seal to stop phishing sites

Last Updated: Wednesday, August 23, 2006 | 11:45 AM ET
CBC News

Yahoo is testing a new security feature that allows users to create a
coloured seal to distinguish a genuine Yahoo login page from an
impostor.
The "sign-in seal" is designed to protect users from phishing websites,
fraudulent websites that attempt to trick people into giving up their
login and password information.
To create the seal, a Yahoo user must either upload an image or choose
a colour and a phrase of up to three words. The seal then appears on
any Yahoo login page displayed on that computer, but won't appear on a
phishing page masquerading as Yahoo.
Because the seal is linked to a particular computer, it's not meant to
be used on public systems, such as those in libraries and internet
cafes.
Other websites, such as the Bank of America, have adopted sign-in seals
that are displayed after a user signs in. Yahoo said it would link the
seal to the computer instead, so that a genuine Yahoo page could
identified without entering any personal information first.
The sign-in seal is based on cookies, small text files that a website
places on an individual computer. The seal doesn't work if cookies are
disabled.
Yahoo said the security seal is being offered to a fraction of its
users at first, but will be available to all users in the coming weeks.