AOL to block phishing sites

I’ve got to think that AOL has their subscribers best intentions in mind when they announce they are going to start blocking phishing sites. But I find two things a little tough to get my hands around.

AOL is going to have a hell of a time finding these sites. It is like finding a needle in a haystack, while a 10,000 pound electromagnet hovers overhead. And if they “determine” a site exists, how are they going to manage the blocking, as well as the consequences of potential mistakes?

Phishing sites come and go like the wind, and so do their owners. By the time AOL receives a report of a site, and makes internal system changes necessary to block it, the site has likely moved to a new location, and new targets.

AOL also opens themselves up to a lot of potential liability from error. If they shut the door on the wrong IP address (or a whole block, if the case may be), and some mom and pop internet vendor’s traffic dries up overnight, someone is going to pay. If AOL passes the burden of proof onto the hosting ISP, the situation only gets worse.

Nevertheless, I’m curious to see how this initiative progresses. It is nothing but a good thing, if AOL can get it right. One less bank account drained, one less credit card nefariously maxed out, and one less ID stolen, will always be worth some trouble. Lets just hope AOL doesn’t make it a lot of trouble.


werelord says:

As far as “determining” whether a site exists, I imagine they will not do anything of the sort, nor will they attempt to block them at the server level (at least initially).. It would be an awful lot easier to implement this client-side; a sort of authentication of the indended site with the actual URL that is passed to the browser. Not easy, mind you, but still much easier than blocking at the server level..