In a recent bevy of application disclosures, it was discovered that in September of last year, Microsoft applied for a patent regarding methodology for notifying Internet users whether or not a particular URL is associated with a list of known phishing sites.
We’ve all gotten the e-mails before. In what appears to be correspondence from a legitimate company, a letter comes across our respective e-mail client urging us to “verify our account information” by giving up the skinny on our bank accounts, credit cards, and social security numbers.
These attempts at obtaining sensitive personal information are commonly referred to as “phishing” tactics, and are often immediately identified by shady URLs or grammar so terrible that even Lindsay Lohan would end up confused – and that’s no small feat in and of itself.
The last releases of both Firefox and Internet Explorer both were launched with much hype surrounding the embedded anti-phishing technology within the browsers themselves. It’s difficult to ascertain a clear victor in the most recent round of the browser wars, but it appears Microsoft has been working behind the scenes to solidify its position.
The Redmond-based company is seeking to patent some of the more conventional, and quite frankly not very effective, methods of detecting phishing attempts. Below is the abstract taken from the patent application:
Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain.
In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.
Mike over at Techdirt chimes in with his analysis of the patent filing:
If someone were to describe to you the problem of phishing, and ask you how to stop it, this would be nearly everyone’s first attempt. It’s hard to see how something so obvious deserves patent protection — but the way our system works these days, the whole “non-obvious” requirement has been pretty much tossed out.
Patenting the obvious is a growing trend in the tech world, if only for the sole reason to protect oneself from frivolous lawsuits which could be brought forth in the future from some industrious individual who is sneaky enough to patent an already existing technology and then charge global corporations exorbitant licensing fees to make use of it.
But then again, maybe that’s not a bad idea. I could shave my head and then sue Britney Spears for infringing up on my baldness trademark.
If K-Fed can get paid, so can I, right?
Add to Del.icio.us | Digg | Reddit | Furl