Whilst on Yahoo today I noticed something very interesting. In the top right-hand corner of the login field there was a little fold in the proverbial page which informed me that I could prevent password theft.
It turns out that Yahoo have developed an interesting way to stop phishing. What they propose is that you essentially set up a cookie on your machine. This cookie then relates to either a template or image on their servers that is personal to you.
The idea is that if you were to log onto a phishing site and not Yahoo, they wouldn't know what the information in your cookie related to and would therefore not be able to display your personal login window, and consequently arouse suspicion.
Couldn't this be hacked, you say? Well, the information about the image is stored in the cookie. For example, Yahoo create a cookie called B which contains 60ckc7l2hfiii which, with what looks to be a random hash and the addition of .gif, becomes 349115920288260ckc7l2hfiii.gif, which is my personal image. Now the random hash and some info after it is needed, although I'm sure with a bit of hacking you could get around this.
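The naming pattern described above, as an added example (not from the original post, and not Yahoo's code): the first function rebuilds the image name from the cookie value and prefix quoted in the post, and the keyed variant shows a hypothetical server-side hardening in which the name cannot be rebuilt without a secret key. All function names and the HMAC scheme are assumptions; how Yahoo actually derives the prefix is not known from the post.

```python
import hashlib
import hmac

# Values quoted in the post; the prefix is the part of the image name before the cookie value.
COOKIE_B = "60ckc7l2hfiii"
OBSERVED_PREFIX = "3491159202882"


def naive_seal_name(cookie_value: str, prefix: str) -> str:
    """Naming as the post observes it: prefix + cookie value + '.gif'."""
    return f"{prefix}{cookie_value}.gif"


def name_embeds_cookie(image_name: str, cookie_value: str) -> bool:
    """Audit check: is the cookie value readable straight out of the image name?"""
    return image_name.endswith(cookie_value + ".gif")


def keyed_seal_name(cookie_value: str, server_key: bytes) -> str:
    """Hypothetical hardening: name is an HMAC of the cookie under a server-only key."""
    tag = hmac.new(server_key, cookie_value.encode(), hashlib.sha256).hexdigest()
    return tag[:32] + ".gif"


def seal_request_is_valid(cookie_value: str, requested: str, server_key: bytes) -> bool:
    """Server-side check that a requested seal belongs to the presented cookie."""
    return hmac.compare_digest(keyed_seal_name(cookie_value, server_key), requested)


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    naive = naive_seal_name(COOKIE_B, OBSERVED_PREFIX)
    keyed = keyed_seal_name(COOKIE_B, key)
    print(naive, name_embeds_cookie(naive, COOKIE_B))
    print(keyed, name_embeds_cookie(keyed, COOKIE_B))
```

With the keyed naming, the cookie value alone no longer identifies the image; the server-only key is what ties the two together.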
With a bit more time and effort it will be interesting to see how easy this is to hack!
Let me know what you think...