Thoughts on NSS Test of Socially Engineered Malware (SEM) and Phishing Attacks


Thoughts on NSS Test of Socially Engineered Malware (SEM) and Phishing Attacks

Alan Jones
I could not find any comments on other forums so thought I would ask here first. I was curious what others thought of the NSS Labs Test of Socially Engineered Malware (SEM) and Phishing Attacks.

Firefox 55 did not do too well; are there improvements in 56/57 that will help out? On the other hand, did others think the tests were not valid?

https://www.nsslabs.com/company/news/press-releases/nss-labs-conducts-first-cross-platform-test-of-leading-web-browsers/


_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security

Re: Thoughts on NSS Test of Socially Engineered Malware (SEM) and Phishing Attacks

R0b0t1
On Tue, Oct 17, 2017 at 8:34 AM, Alan Jones <[hidden email]> wrote:
> I could not find any comments on other forums so thought I would ask here first. I was curious what others thought of the NSS Labs Test of Socially Engineered Malware (SEM) and Phishing Attacks.
>
> Firefox 55 did not do too well; are there improvements in 56/57 that will help out? On the other hand, did others think the tests were not valid?
>
> https://www.nsslabs.com/company/news/press-releases/nss-labs-conducts-first-cross-platform-test-of-leading-web-browsers/
>

That link is kind of dense. Can you direct me to the content?

One thing I will say is that security researchers who do nothing else tend
to make suggestions that are completely divorced from reality. Even
some of the security efforts undertaken by Mozilla seem to be
misguided.

One example that comes to mind was some resource changes to prevent
users from being misled. The problem was that if users could be misled
in the way that was being defended against, an attacker could simply
write an executable to disk and then have the user click it (or
something similar). I apologize for the lack of information - this
only came to my attention because it broke Vimperator.

However, since this article deals specifically with phishing, I am
slightly confused - phishability depends a great deal on each
individual website.

Cheers,
     R0b0t1.