Sunday, September 10, 2006

Yahoo does great stuff (but there's still a flaw)
Yahoo hits hard at phishers... great going
Yahoo finally did something worth mentioning against phishers. I always thought that there should be something personal for every individual, something visual for people, which cannot be easily duplicated by a machine, for identification. And Yahoo has done it, though partially. It assigns a picture from your computer and one colour as your seal colour. This is like a customised seal for your computer which will tell you whether you are on a genuine Yahoo login page or some phisher is taking you for a ride. It's great, because at least now there would be an easy distinction.
Though it cannot stop phishing. You want to know why? There's no fix for stupidity, and phishers now rely on social engineering skills and not technical ones. They can still send a simple mail asking for password confirmation and just add a line that "since there's a bug in our system, or since this is an older version of Yahoo, or your browser is not supporting the newer version, the seal is temporarily deactivated..."
And I can bet that out of 1000 people at least 10 will happily give their passwords. What a waste.
But this will definitely reduce the number of phishing attacks. Yahoo has made its move; let's see how phishers hit back.
As far as my opinion is concerned, phishers are not going to change their strategy, because most victims are newbies who don't know what phishing is. They will still fall into the trap. But for the small percentage who are aware, it will be a boon.
One more thing: Yahoo did great by putting this seal creation notice on the front page, but the way they put it, I would say, is stupid. Come on, it looks like an advertisement, a flap, a page cover. Put that in bold letters, BIG BOLD LETTERS. Only then will people actually care to activate it.
FLAW I NOW DISCOVERED
I posted that I'm very impressed with the new step. Now I'm adding more to it: there's a major flaw in this system. Don't believe me? Just delete cookies and try logging in again. The seal will be gone. You'll get it back by simply clicking refresh, but this is enough to make a user less serious. When he knows that you get the seal sometimes, but sometimes due to some cookie thing it does not show on the legitimate site, it's enough to make him drop his guard. He may assume that rarely this seal may not come, and this rare chance is enough for phishers. Think from a naive user's point of view.
It's like crying wolf when there's none. Suppose your fire alarm goes off many times without an actual fire. When it beeps during an actual fire, you'll be less serious. Your first reaction would be: must be another false alarm. What do you think?
