Slashdot Mirror


Netcraft Releases Anti-Phishing Toolbar

AgainstHate writes "Netcraft has released an Anti-Phishing Toolbar that provides detailed information about the website you are visiting (sites' hosting location, country, longevity and popularity) at all times to help users to validate fraudulent URLs. It also natively traps cross-site scripting and other suspicious URLs. The toolbar also enables users to report phishing attacks to Netcraft, thus blocking any other unsuspecting users from being harmed (Netcraft supervisor validation is used to contain the impact of any false reporting). Currently the toolbar is only available for IE but a Firefox version is under development."

7 of 236 comments

  1. Reporting to the Business targeted by jlrowe · Score: 3, Interesting

    I wonder if Netcraft has a method to report to the targeted business (banks, eBay, etc.) so they can follow up on legal action.

  2. why not a function in firefox? by Anonymous Coward · Score: 4, Interesting

    Either color the URL in RED with a warning mark when it does not match the real address or give a quick pop explaining this.

  3. Re:Nostradamus Predicts by Gentlewhisper · Score: 5, Interesting

    They really don't need a Firefox version anyway..

    People who use Firefox fall under those who don't really need it :)

  4. Re:Nostradamus Predicts by the_mad_poster · Score: 5, Interesting

    Not true at all. I happen to be the proud owner of a very serious exploit in the shopping cart of a major online retailer - an exploit of a simple-fix problem they refuse to even look at.

    The gist is this - there's a variable in the GET string of the cart which does no input sanitization or checking at all. I derived a GET string which caused an invisible iframe to be embedded in the shopping cart page of this retailer. Inside the iframe, however, was a page pointing to one of my sites on which a fake form resided. The page/form claimed you would "Get a free gift for only 99 cents S&H" and asked for name, address, phone number, and credit card. The ONLY indicator that it's fake is:

    1. The hard-to-read GET string which, if you know HTML and the concept of CGI, you could figure out points to a "bad" page if you looked at it.

    2. The JavaScript alert that says "owned" after you click the "submit" button.

    I even photoshopped some of their own button graphics and used their CSS files to maintain the look of the site.

    They have yet, after almost a year, to fix the problem.

    Firefox is just as vulnerable as anything else, and this particularly nasty XSS attack was fairly hard to detect. Do not rely on your browser to save you from yourself.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
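
The flaw described in comment 4 is a GET parameter reflected into the page without output encoding. As an added example (not part of the original thread and not the retailer's code; the `promo` parameter, the template and the URLs are constructed), this renders the same request with and without HTML encoding and lists the elements a browser would see that the template never emits:

```python
# Added example: parameter name, template and URLs are constructed for illustration.
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

TEMPLATE = "<html><body><h1>Your cart</h1><p>Promo code: {promo}</p></body></html>"
EXPECTED_TAGS = ["html", "body", "h1", "p"]  # elements the template itself emits

def get_param(url, name):
    """Return the first value of a query-string parameter, URL-decoded."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def render_vulnerable(url):
    # Reflects the GET parameter into the page unchanged (the flaw described above).
    return TEMPLATE.format(promo=get_param(url, "promo"))

def render_hardened(url):
    # Output-encode for the HTML context so the value is always text, never markup.
    return TEMPLATE.format(promo=escape(get_param(url, "promo"), quote=True))

class TagCollector(HTMLParser):
    """Collects the element names a browser would parse out of a page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(page):
    """Elements present in the rendered page that the template never emits."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in EXPECTED_TAGS]

# Constructed request: the parameter carries markup instead of a promo code.
SAMPLE_URL = ("https://shop.example/cart?promo=%3Ciframe%20src%3D%22"
              "https%3A%2F%2Fother.example%2Fform%22%3E%3C%2Fiframe%3E")

if __name__ == "__main__":
    print("vulnerable:", injected_tags(render_vulnerable(SAMPLE_URL)))
    print("hardened:  ", injected_tags(render_hardened(SAMPLE_URL)))
```

The same `injected_tags` check can run in a regression test against every page that echoes request data, so a template that stops encoding a parameter fails the build.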
  5. Re:Nostradamus Predicts by The Snowman · Score: 4, Interesting

    Users need to learn not to assume their computer and the Internet are safe and instead educate themselves on how to recognize scams themselves.

    Yes, but users don't always want to learn. The old saying "ignorance is bliss" is true. Maybe I am jaded from dealing with computer customers and users for so long, but I think most people really don't want to learn those skills. They would rather have someone else or the software do it.

    Most people would rather have someone else change the oil in their cars, even though it takes 10 minutes and half the money that professionals charge. I have changed stuff like alternators, lights, belts, etc. for far less money than professionals would charge. However, most people do not want to spend the time to learn how. Just the same, people would rather trust the professionals to keep them safe in their web browser rather than learning how to do it themselves.

    --
    24 beers in a case, 24 hours in a day. Coincidence? I think not!
  6. Don't bother downloading it by litewoheat · Score: 2, Interesting

    It doesn't play well with the Google toolbar. Hell, it doesn't play well with any toolbars. After I installed it, all my (standard) toolbars were moved around or resized to 0 width. It's very frustrating when companies release crap software like this. Don't these people know about QA?

  7. Worked around already.. by Anonymous Coward · Score: 1, Interesting

    I installed it and tested it, by clicking on this phishing email I had received. Some website in Brazil.

    When IE came up, the section of the Netcraft Toolbar that should have the information on the site was all white, except for an https link that pointed to ebay.com.

    Probably just a glitch in the toolbar, but a little sad the first bad link I tried, it didn't help.