Phishing: Yahoo joins the game

Submitted by Kedar Sovani
on September 9, 2006 - 12:33am

Looks like the phishing problems are getting hotter by the day. A couple of days back, I had written about the Firefox/Google Safe Browsing tool to prevent phishing attacks. Today, Yahoo! seems to have launched its own tool for phishing protection, Yahoo! Sign-In Seal. It is not a general-purpose tool, but seems to work *only* with Yahoo! sites.

A few phishing sites used to have a GeoCities (owned by Yahoo!) page that asked for your Yahoo! ID and password. Yahoo! has been taking reactive measures against such attacks by taking down offending pages from GeoCities as soon as it comes to know about them. But that still leaves a window of time in which the fake page can harvest a bunch of IDs and passwords. This new feature looks to be a proactive measure to prevent such attacks. The Sign-In Seal protects against such fake sites by presenting a personal, pre-generated seal. If the seal is seen on the web page, the Yahoo! site you are logging into is genuine; otherwise it isn't. If people start using these Sign-In Seals, it will thwart a chain of Yahoo! phishing attacks that have been making the rounds.

I think proactive is the key in such situations. This solution is good but works only with Yahoo! A bunch of other sites, especially commercial sites, are still vulnerable to such attacks. The Safe Browsing feature is a general-purpose tool, but not a proactive one. There is a window of time before a fake site gets blacklisted, and how long or how damaging that window could be remains to be seen.