You’re Secure…. trust me….. (or Tricks with SSL)

Check this out…. I never thought of this but you might be able to use the ‘lock’ icon to trick people into revealing too much personal information.

Apparently they’re considering removing favicon support in Firefox 3.0 because of this….

We are considering removing the favicon from the location bar, and changing the location bar so that everything except “Public Suffix + 2″ is greyed out. This will prevent malicious sites from placing visual cues in the location bar (like using a lock as a favicon), and the change in text color will help users identify the web site domain.

You can see an example here:

200706040001

… and here’s our little friend on paypal.com:

200706040005



%d bloggers like this: