[pchelpers] Re: News:Anti-phishing toolbar for Firefox

Hi John and everyone else

> UK-based web security firm Netcraft on Wednesday released a Firefox 
> version of the anti-phishing 
> toolbar that's been available for Microsoft's Internet Explorer since 
> December 2004.
> 
> The toolbar, which installs as a Firefox extension, or plug-in, 
> automatically blocks suspected phishing sites identified by other users 
> and verified by Netcraft.

It often slows down browsing a lot and always at least a bit because it 
checks every single URL first. It also creates vast numbers of false 
positives. More reasons not to get this extension in the PS.

Phishing is not an issue as long as one goes to bank sites (and other 
sites that require personal information) the first time only by manually 
typing in the name and then later by using a bookmark based on that 
first "manual" visit. Especially never use email links to go to sites 
that require entering personal info.

This looks like a much better alternative:

http://it.slashdot.org/article.pl?sid=05/05/24/1959249&tid=172&tid=95
  I'd also like to remind people about the Petname Toolbar 
www.waterken.com/user/PetnameTool/ from Tyler Close, which uses 
capability-security concepts.

When you visit your bank site for the first time, you enter your own 
chosen "pet name" for the bank, which is like a nickname. Then when you 
(supposedly) visit the bank again via clicking on a link, it will show 
you the same pet name if it is the same site. If it is a phishing site 
you will see a glaring indication that the site is new and not one you 
have previously visited and trusted. This way you will know when you are 
at the site that you should be at.

It is a simple concept and doesn't rely on any humongous database 
created by external users. For Firefox, available today!



Ekhart


PS:

First, something hilarious:

http://it.slashdot.org/article.pl?sid=05/05/24/1959249&tid=172&tid=95
I have a guilty pleasure, and I want to share it with everyone here. ;)

I look forward to receiving a phishing email. In the past I would just 
delete the message, but no more! I always visit their web site and give 
all the information I can (all the info. I can make up that is!) I try 
my best the make the info look legit; the credit card, bank routing 
numbers, name, and address, everything!

What better way to bring attention to these crooks than to have them try 
to access fraudulent accounts? I guess they may have a way to filter out 
the bogus info, but I have fun making their work more difficult. ;)

Lately, I noticed that the phishers web pages contain some javascript 
code to checksum the credit card numbers. This was a downer, until I 
d/l'ed a CC number generator! Oh, now my fun could continue. I hope that 
more people will take up my pastime.


http://it.slashdot.org/article.pl?sid=05/05/24/1959249&tid=172&tid=95
Haven't we established that this doesnt work anyway? I could swear that 
was what the last story on this was. Something about how every phisher 
will just make several sites anyway, and the massive problems with false 
positves... It's only real purpose is the nice feeling you get from 
reporting it, like spam.

I installed the Netcraft toolbar and promptly uninstalled it. Every 
single site I visited caused a popup warning about cross-site 
scripting... this included CNN.com, a couple of webcomics and my 
company's internal web sites. What's the use of an application that 
flags EVERY web site as potentially hostile? I can be paranoid on my 
own, thank you.

  In the spirit of disclosure, I am affilliated with 
http://www.fraudeliminator.com/ [fraudeliminator.com] but I can't help 
but point out that 80% of Netcraft's toolbar is devoted to promoting 
themselves and has nothing to do with preventing phishing. They also 
suggested that costco.com was a phishing site. I admit I like to fish 
around for new tools and toys there, but so far I got what I paid for. :)

"Toolbar users have submitted more than 5,600 phishing sites"

aren't these phishing sites usually up for only a short time, like a 
couple days, before they get shut down? I would think that most the 
sites on the 'bad list' would be shut down by the time a user gets 
around to updating thier 'bad list' for their toolbar.

just a guess.


  I wasn't too happy with it. I uninstalled it an hour or so after 
installing it.

The anti-phishing feature ID'd just about every site I visited as a 
threat. In some cases it might be looking at images hosted on a 
different host, but I think it was choking on xhtml namespaces as well. 
I need to reinstall it to figure this out.

I seems to add about 10-15 seconds to Firefox's start up time. I 
observed the same issue with the IE version. This was enough to 
uninstall the toolbar from both browsers.

I value Netcraft's services, but I think I'll go directly to their site 
instead.

http://forums.mozillazine.org/viewtopic.php?p=1413635#1413635
http://forums.mozillazine.org/viewtopic.php?p=1409366#1409366



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: