Slashdot Mirror


Netcraft Releases Anti-Phishing Toolbar

AgainstHate writes "Netcraft has released an Anti-Phishing Toolbar that provides detailed information about the website you are visiting (sites' hosting location, country, longevity and popularity) at all times to help users to validate fraudulent URLs. It also natively traps cross site scripting and other suspicious URLs. The toolbar also enables users to report phishing attacks to Netcraft, thus blocking any other unsuspecting users from being harmed (Netcraft supervisor validation is used to contain the impact of any false reporting). Currently the toolbar is only available for IE but a Firefox version is under development."

12 of 236 comments

  1. Nostradamus Predicts by the_mad_poster · · Score: 5, Insightful

    This will have little effect because:

    1) The people who really need it will never hear about it.

    2) Even if 1 fails to return true, the people who really need it will never be able to find it amongst the 82 other toolbars that various companies have so helpfully installed for the sucke.... uh... users.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
    1. Re:Nostradamus Predicts by Gentlewhisper · · Score: 5, Interesting

      They really don't need a firefox version anyway..

      People who use firefox fall under those who don't really need it :)

    2. Re:Nostradamus Predicts by The+Snowman · · Score: 5, Insightful

      They really don't need a firefox version anyway..

      People who use firefox fall under those who don't really need it :)

      Maybe for the time being. Right now, Firefox largely is a geek browser. However, recent news shows that it is becoming more popular and mainstream. Software can only do so much to curb user ignorance. Firefox is not perfect, nor does it stop phishing and other scams. Plugins, such as this toolbar, could help protect Joe Sixpack from scammers and phishers. After seeing enough message boxes about malicious sites, hopefully he will learn the skills he needs so he will not need the toolbar anymore.

      If Firefox does not keep the scammers and phishers away, new users will abandon it and go back to what they already know: IE.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
    3. Re:Nostradamus Predicts by the_mad_poster · · Score: 5, Interesting

      Not true at all. I happen to be the proud owner of a very serious exploit in the shopping cart of a major online retailer - an exploit of a simple-fix problem they refuse to even look at.

      The gist is this - there's a variable in the GET string of the cart which does no input sanitization or checking at all. I derived a GET string which caused an invisible iframe to be embedded in the shopping cart page of this retailer. Inside the iframe, however, was a page pointing to one of my sites on which a fake form resided. The page/form claimed you would "Get a free gift for only 99 cents S&H" and asked for name, address, phone number, and credit card. The ONLY indicators that it's fake are:

      1. The hard-to-read GET string which, if you know HTML and the concept of CGI, you could figure out points to a "bad" page if you looked at it.

      2. The JavaScript alert that says "owned" after you click the "submit" button.

      I even photoshopped some of their own button graphics and used their CSS files to maintain the look of the site.

      They have yet, after almost a year, to fix the problem.

      Firefox is just as vulnerable as anything else, and this particularly nasty XSS attack was fairly hard to detect. Do not rely on your browser to save you from yourself.

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
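
The flaw described in the comment above (a GET variable written into the cart page with no sanitization), seen from the fixing side. This is an added example, not part of the original thread and not the retailer's code; the `coupon` parameter and all function names are hypothetical.

```javascript
// Added example. The "coupon" parameter and every function name here are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that let text break out of HTML content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the query value is pasted into the page as-is, so markup in it becomes live markup.
function renderCartUnsafe(queryString) {
  const coupon = new URLSearchParams(queryString).get("coupon") ?? "";
  return `<p class="coupon">Coupon: ${coupon}</p>`;
}

// "After": check the value against what a coupon can look like, and encode on output regardless.
function renderCartSafe(queryString) {
  const coupon = new URLSearchParams(queryString).get("coupon") ?? "";
  const valid = /^[A-Za-z0-9-]{1,20}$/.test(coupon); // caller can reject or log when false
  const body = `<p class="coupon">Coupon: ${escapeHtml(coupon)}</p>`;
  // frame-src 'self' tells the browser not to load frames from other origins,
  // a second layer in case some other template forgets to encode.
  const headers = { "Content-Security-Policy": "frame-src 'self'" };
  return { body, headers, valid };
}

// Count element start tags in rendered output; the template itself contributes exactly one (<p>).
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: a query string carrying a frame element, as in the comment above.
const SAMPLE = "coupon=" + encodeURIComponent('<iframe src="https://example.invalid/form"></iframe>');

console.log(countStartTags(renderCartUnsafe(SAMPLE)));    // extra element reached the page
console.log(countStartTags(renderCartSafe(SAMPLE).body)); // only the template's own <p>
```

A start-tag count above what the template itself emits is also a cheap regression check to run against any page that echoes request parameters.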
    4. Re:Nostradamus Predicts by computational+super · · Score: 5, Informative

      Hmmmm... I'm almost afraid to admit this, but I'm a Firefox user who might be able to use this. There's a lot of information there that I've never been able to figure out how to determine using publicly available resources. According to TFA, Netcraft will report site, domain, IP address, country, date first seen, organization, last reboot, netblock owner, site rank, name server, DNS admin, and reverse DNS. Obviously I can use nslookup to figure out the IP address, and internic.net to look up the domain and figure out name server, DNS admin, etc. but country? netblock owner? Date first seen?

      The example shown in TFA, for example, shows netcraft.com being hosted in the UK... obviously, this is more sophisticated than just checking to see if the domain is co.uk. It seems like they actually are providing some value by maintaining a database... figuring out the hosting country from an IP address is supposed to be impossible.

      Of course, I'm not downloading anything until I've seen it reviewed for a while to see if the database they're maintaining is useful in any way, shape or form - if 99% of the sites aren't in their database (and they're just showing me WHOIS lookups), then yeah, I guess I fall into the "don't really need it" category.

      --
      Proud neuron in the Slashdot hivemind since 2002.
    5. Re:Nostradamus Predicts by the_mad_poster · · Score: 5, Insightful
      Except, for people to treat their cars the way they do their computers, they'd have to:
      • Never get an oil change. Ever. Every time the oil burned into the pan and the car stopped running altogether, they'd just replace the whole pan and rebuild the block to clean the ooze out. They would also whine incessantly about having to do this.
      • Never check their tire pressure. Ever. They would simply drive the car until the tires blew, then continue to drive on the rims complaining about how hard it is to control.
      • Drive the cars around bad neighborhoods all the time without taking any precautions. When they get caught in a drive-by, or someone comes along and smashes up their car, they'd whine about the car getting damaged as if it were the car's fault.
      • Every time someone offered to install something, they'd do it. This would include everything from cutesy stickers with corrosive backing to "engine upgrades" that make the car go half as fast, but let you change the color of your headlights. All negative effects would, again, be blamed on the car.
      Computers are complex tools that require maintenance. Hell, some people pay more attention to their toaster's maintenance than the computer's maintenance. At least they clean the damn crumbs out of it from time to time.
      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  2. For Firefox... by excaliber19 · · Score: 5, Informative
    Not perfect by any means, but sure helps:

    Firefox SpoofStick Extension

  3. Spoofstick by BobMD · · Score: 5, Informative

    Already available from Corestreet for Firefox and IE http://www.corestreet.com/spoofstick/

  4. Adware? by plover · · Score: 5, Informative
    Not necessarily: did you read the EULA?

    8 Advertising and sponsorship

    Part of the Toolbar may contain advertising and sponsorship. Advertisers and sponsors are responsible for ensuring that material submitted for inclusion on the Toolbar complies with relevant laws and codes. We will not be responsible for any error or inaccuracy in advertising and sponsorship material.

    So, be warned: it may contain some kind of adware, and it may be the kind you find hard to ignore. I'm not installing it until I know more.

    --
    John
  5. Netcraft confirms... by Stevyn · · Score: 5, Insightful

    ...that this is an old, outdated, and unfunny joke.

  6. ah more toolbar hell... by Anonymous Coward · · Score: 5, Informative

    As if there wasn't enough screen space taken up already.

    Switch to Firefox and enable the non-spoofing features and you don't need a toolbar (don't allow URL to be hidden, etc.)

    In firefox, type in about:config
    then set these to TRUE and never be "fooled" again:

    recommended:
    disable_window_open_feature.location
    disable_window_open_feature.status
    disable_window_open_feature.titlebar
    disable_window_status_change

    optional:
    disable_window_move_resize
    disable_window_open_feature.close
    disable_window_open_feature.directories
    disable_window_open_feature.menubar
    disable_window_open_feature.minimizable
    disable_window_open_feature.personalbar
    disable_window_open_feature.resizable
    disable_window_open_feature.scrollbars
    disable_window_open_feature.toolbar

  7. You're underestimating the effort involved. by sean.peters · · Score: 5, Insightful
    Most people would rather have someone else change the oil in their cars, even though it takes 10 minutes and half the money than professionals charge.

    Hogwash.

    • driving to the auto parts place to get oil, filters, etc - 20 minutes
    • draining oil, removing filter, installing new filter, adding oil - 10 minutes for this step only if you do this for a living. At least 15 minutes for ordinary mortals.
    • Driving halfway across the county to the only place that will take used oil for recycling - 45 minutes
    • Washing the clothes that got dirty while working on car - 30 minutes (with the possibility of doing other things during wash/dry cycle)
    • 45 minutes/$30 spent getting Jiffy Lube to do it, while I shop, read, etc... priceless

    Yes, I changed my own oil for years. Now I have better things to do with my life. Change a few words around in this reasoning, and you'll understand why "most people" don't want to fool around with their computers.

    Sean