Slashdot Mirror
Netcraft Toolbar for Firefox Available
miller60 writes "Netcraft has just released the Firefox version of its anti-phishing toolbar, which blocks known phishing sites and suspicious urls, and displays the hosting information and risk rating for visited sites. Toolbar users have submitted more than 5,600 phishing sites since the IE version was released in late December."
Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing
Netcraft confirms that IE users will install spyware to combat phishing.
Now I canfirm that *BSD is dying without navigating to a separate page!
That aside; if it takes a company like Netcraft almost 6 months to come out with a Linux version, to me that's being slow to act. Thanx never-the-less to Netcraft.
there wont be any space in the browser to look at pages, only toolbars. someone has to come up with a toolbar organizing plugin may be?
sigbldr is currently in pre-alpha.
A vegetarian diet is tastier and better for you than what most people eat, but it requires consciousness that there is a problem with the status quo and a dedication to change it. Similarly it is easier to run a computer packed full of spyware and viruses than it is to research the problem and patch the holes. That's up to the end user, but they first need to be aware of the problems -- and it's up to people like us to wake them up.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
thank god for another piece of software that will clog up simple minded users that can't figure out what's going on on the intarweb. they should think of releasing a tool that rids one of these crappy browser toolbars :/ /me shakes his head
I'd also like to remind people about the Petname Toolbar from Tyler Close, which uses capability-security concepts.
When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.
It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!
Slashdot is dead
-Netcraft
Netcraft is Slashdotted
-Death
(Stupid filters can't handle a well formatted joke...)
if this was an imitation site tricking visitors into installing a malicious "toolbar" ?
I work as a sysadmin and I recently sent out an e-mail about phishing just as a general warning. As I was walking around to the other offices one of my co-workers said she wished I had sent that out a week ago and that she had just recently been phished. I got htat from two other people in the course of my rounds (in an org of less than 50). Now if only I could get my people to adopt firefox........ They could join in the battle rather than being duped.
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
no I havent tried it (don't really use phishing sites much myself ;)
but "Toolbar users have submitted more than 5,600 phishing sites"
aren't these phishing sites usually up for only a short time, like a couple days, before they get shut down? I would think that most the sites on the 'bad list' would be shut down by the time a user gets around to updating thier 'bad list' for their toolbar.
just a guess.
I wasn't too happy with it. I uninstalled it an hour or so after installing it.
The anti-phishing feature ID'd just about every site I visited as a threat. In some cases it might be looking at images hosted on a different host, but I think it was choking on xhtml namespaces as well. I need to reinstall it too figure this out.
I seems to add about 10-15 seconds to Firefox's start up time. I observed the same issue with the IE version. This was enough to uninstall the toolbar from both browsers.
I value Netcraft's services, but I think I'll go directly to their site instead.
What's the comment about a fool and their money? Oh yeah, they're easily parted.
now could someone please add these 5600 sites to a new surbl zone?
- dhawal
how long will it take for netcraft to publish an article about it's downtime due to /.
And what about spoofstick
"The page you are trying to visit is using Cross-Site Scripting (XSS). This is a technique commonly used in phishing attacks."
...
"If this is a mistake, please report it using the "Report Incorrect Blocked URL" in the Netcraft Menu."
Of course, now it's starting to look like the reporting site is becoming /.ed, so of course that fails...
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Avoiding phishing is more about common sense than what web browser you are using. People can still be phished by the use of Firefox.
Eventough the toolbar gives some additional features, the main function of seeing the site's "report" can be done in any browser with a mere javascript bookmarklet. This example bookmarklet was available since last January.
1. Remove the IE shortcut from the desktop
2. Add a Firefox shortcut to the desktop
3. Rename said shortcut "Internet Explorer"
4. Change icon of said shortcut to the blue "E"
5. Download and install a Firefox theme which emulates the look and feel of IE.
And there you have it! You have adapted the malicious tactics of Phishers to keep your people safe from Phishers.
According to aebrahim's head it does some really bad things to tabbed browsing.
yadda
You know, to allow for confirmation and all.
A result of all the nagging /.ers that read this post --> http://yro.slashdot.org/article.pl?sid=05/05/02/18 8202&tid=158&tid=172&tid=95
I was one of the probably hundreds of people that e-mailed asking for a Firefox extension.
Yeah, That would work until they went to Yahoo Games or some other site like that wich will popup and say You must have Internet Explorer 4.5 or better. Then I get a call to come fix their games.
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
Netcraft is dying....
at which point you show them the clause in the employment contract that says "our computers are only avaliable for you to do actual work on", then go to slashdot and post about it.
Haven't we established that this doesnt work anyway? I could swear that was what the last story on this was. Something about how every phisher will just make several sites anyway, and the massive problems with false positves... It's only real purpose is the nice feeling you get from reporting it, like spam.
Even the reporting page appears to have Cross-Site Scripting (XSS). Here's a screenshot as proof.
hmm... i think i just reported myself as a phisher by following my own link...
Use my userscript to add story images to Slashdot. There's no going back.
Ironically since it is a baseball company and they have very little to do during the winter I actually had the VP set me looking for a better vid card so he could play Counter Strike. Gaming is rampant during the off season
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
It'll cost you your bandwidth, but it's not as much a threat to your geek identity... The lad vampire DOS's phishing and fake bank sites.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
well, at least toolbar.netcraft.com is
605413? Yes, it's a prime.
Tastier? I think that would be hard to substantiate objectively.
:)
:)
I'd say with vast array of available animal protein out there (Bison, Ostrich, Gator, Cow, Pig, a huge variety of Fish (Cod, Halibut, Trout, Herring, Sardine, Mackerel, Talapia, Swordfish, Marlin, Tuna, Salmon, etc), other Aquatic life (Shrimp, Scallops, Lobster, Crab, Oysters, Octopus, etc), and various birds (Turkey, Chicken, Duck, Goose, Pheasant, Quail, etc)), there is little doubt that with proper preparation, you can have a vast variety of flavours. Yes, you can also have a vast variety of vegetable flavours (if they are prepared right), but if you think Vegetarian is tastier, it is either a personal preference or a very limited exposure to the range of animal-related meal items. Being an omnivore and fairly well travelled food-wise, I've sampled great vegetarian and carnivore dishes and couldn't imagine trying to say which was 'tastier'.
As for healthy, vegetarian diets have some shortcomings. I've actually had one friend who was a Vegan ordered by her doctor to start eating meat again despite her best efforts to procure all the required nutrients and vital vitamins elsewhere. If I recall, one of the B complex vitamins was fairly hard to come by sufficiently without eating meat, despite various supplementations during any given year.
Keep in mind as well that herbivores rule few food chains. Why? Because when worst comes to worst, an omnivore can eat plants *and* animals. A vegetarian that is rigidly so can only eat one out of two. The ominvores natural advantage is he can actually eat the vegetarians. Generally, the omnivore also recieves the benefit of concentration of food value up the food chain that predators do - the lower creatures in the chain (often herbivores) do a lot of the work concentrating food value and the predator reaps the reward.
Or put another way, when you look at a salad, you don't see food, you see what food eats.
We can all only make our own choices, but my ancestors worked for many millions of years to get to the top of the food chain, and that involved eating meat. I'm not about to dishonour that huge amount of effort and sacrifice
To each his own, just keep in mind that when the end comes, one camp will be walking rations for the other....
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Microsoft JET Database Engine error '80040e37'
Press "h" on the keyboard to see the raw html of html email, including all the headers.
It is very easy to spot fake emails once pine strips off all the glitzy fluff, and you look at the header of any emails that pass initial inspection.
In the spirit of disclosure, I am affilliated with http://www.fraudeliminator.com/ but I can't help but point out that 80% of Netcraft's toolbar is devoted to promoting themselves and has nothing to do with preventing phishing. They also suggested that costco.com was a phishing site. I admit I like to fish around for new tools and toys there, but so far I got what I paid for. :)
The closer to your soul you choose your goal, the nearer to your heart the work can start.
I don't really know why netcraft needs to be in the form of a toolbar. Why can't it be like AdBlock and put a small icon in lower right corner. I mean, it's not like a search engine where you actually need to have much intereaction with it.
instead i suggest that they have a small icon on the lower right corner as suggested before. when the user is trying to access a known phishing site, either pop up a error box asking if user would like to continue, or redirect them to warning page. to submit phising sites to netcraft, you can easily add netcraft menu on the right click (like how you blocking ads in adblock works) and within that menu, you can submit the site.
HD Trailers
You guys hiring? :D
--- This
You do realize that in the friggin summary it mentioned this was out for IE first. I'm all for firefox support, but at least get your facts straight.
Netcraft confirms SQL is dead.
Just because it CAN be done, doesn't mean it should!
Is posting to Slashdot considered actual work?
Just because it CAN be done, doesn't mean it should!
This software is bad in a few different ways.
1. It delays/slows the opening of Firefox, particularly if you are behind a secure firewall because it asks for you password before Firefox even starts.
2. It puts two huge tabs on a 'toolbar' that wastes valuable screenspace. The tabs do nothing. The first one, labelled Netcraft, just drops down a menu to let you select the 'about' dialog'. The second, labelled 'Services' does nothing at all when I click on it.
I am trying this in FF 1.0.4.
This software is being deleted - right NOW
technically, work is defined a exerting a certain force over a certain distance. since you are exerting a force on your keys for the distance it take till the key is pushed, the answer is yes, you are doing work.
My new blog
I once sent an e-mail to their webmaster about something unrelated and got added to their announcement list. Sheesh. They ought to make a plugin that stops those annoying e-mails.
EarthLink's Toolbar contains a module called ScamBlocker, which uses heuristic rules AND a white list AND a server-based black list to help you identify and avoid phisher sites. It's free, and it works even if you hide the toolbar in your browser.
http://www.earthlink.net/software/free/toolbar/
Linky
I'm so sick of entire damned toolbars. Why not just a nice little Tool Icon that displays a menu when clicked on? Something neat like the RSS bookmarks in Firefox?
Yes it is... keeping yourself updated is a part of any geek's work.
I installed the Netcraft toolbar and promptly uninstalled it. Every single site I visited caused a popup warning about cross-site scripting... this included CNN.com, a couple of webcomics and my company's internal web sites. What's the use of an application that flags EVERY web site as potentially hostile? I can be paranoid on my own, thank you.
"Yes, Jayne, she's a witch. She's had congress with the beast..."
"She's in Congress?" - Firefly, "Objects in Space
I have a guilty pleasure, and I want to share it with everyone here. ;)
I look forward to receiving a phishing email. In the past I would just delete the message, but no more! I always visit their web site and give all the information I can (all the info. I can make up that is!) I try my best the make the info look legit; the credit card, bank routing numbers, name, and address, everything!
What better way to bring attention to these crooks than to have them try to access fraudulent accounts? I guess they may have a way to filter out the bogus info, but I have fun making their work more difficult. ;)
Lately, I noticed that the phishers web pages contain some javascript code to checksum the credit card numbers. This was a downer, until I d/l'ed a CC number generator! Oh, now my fun could continue. I hope that more people will take up my pastime.
"Drug related crime" is a misnomer, "prohibition related crime" is the more accurate and correct phrase.
Even if the program is kind of meh. The more tools floating around to stop this stuff the better.
Sure, many firefox users are already careful enough browsers that they don't stumble into bad stuff often, but as another post put it, there are a lot who aren't and tools like these help protect them.
A classic example? 2 months ago my friend's computer was so hosed by spyware and spam that he had me reformat it. I had already done this for him 4 times in the past so this time I was determined to protect him from himself!
4 hours of careful implementation later I had done it. Using a combination of free software from avg to spybot to firefox to personal firewalls to windows auto-update to a router to act as a hardware firewall, I set him up with every bit of automated protection I could.
He lost about 10% max performance from it all. But, he never noticed the difference because before hand his computer was so riddled with spyware and viruses that he was barely getting 50% performance.
End result? I visited him yesterday for the first time in 2 months. Every piece of software on his computer was updated, his system was totally clean, and get this, he was learning how to use the software himself and becoming a knowledgable computer user because he could be safely productive on his machine. Mission accomplished! Thats what this sort of software is designed for. It isn't for us slashdotters, its for us slashdotters to use to help protect others. And the more options we get, the better.
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
yeah that is until you unintentionally enter a real account number and someone somewhere is the victim... perhaps one of those people out there that you wanted to help you in your quest generates your CC or bank account number an end up with no money in your account or a maxed out CC.... moron!
yeah that is until you unintentionally enter a real account number and someone somewhere is the victim... perhaps one of those people out there that you wanted to help you in your quest generates your CC or bank account number an end up with no money in your account or a maxed out CC.... moron!
I guess you don't know much about bank accounts or credit cards. What I'm doing is very safe. The likelihood of submitting a valid credit card number, expiration date, and verification number is very small. Especially, when you include an account holder name! Please get a clue.
"Drug related crime" is a misnomer, "prohibition related crime" is the more accurate and correct phrase.
I have the bookmarks toolbar, the google toolbar, the yahoo toolbar, the spoofstick toolbar, the netcraft toolbar, the web developer toolbar, the advanced navigation toolbar, and the super duper 1337 toolbar.I wanted some more toolbars, I saw some good ones recently...I got no space left for web browsing, but who needs that when I got my toolbars.
VStrider.
If you're interested in the rationale behind it, read the whitepaper. No dependence on/vulnerability to any centralized 'authority' to decide what constitutes a 'malicious site'.
Higher Logics: where programming meets science.
So... it's available for Firefox? You did read the story title, yes?
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
I agree. Installed it, tried it, saw that it was basically an ad, uninstalled it,. I guess I'll simply add etcraft to the list of companies I don't do business with.
Is posting to Slashdot considered actual work?
Depends, you can always explain to your boss that slashdot is just a tech knowledge exchange website (like a knowledge base!). Then again, if he(or she) actually reads slashdot the ruse would be up.
Georgia Tech, the leader in Chia(tm) technology.
the bar reduces my screen real estate further. the problem with bars in netscape/mozilla/firefox is that the bar cannot be shifted like in IE, so that i can have >= 2 partial bars stacked in one row.
i am no programmer, and i know the development platform or widget or whatever you call it that is used in mozilla is different than in IE. but i would like the bars in mozilla/firefox that are movable and stackable.... one menu bar, one back/forward bar, and one bookmark/link bar is the maximum i can stand.
Here, have a ball. Try the script in my .sig.
No Thanks.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Shhh!!
Don't let out the secret!
So I sent in a bug report at the same time as the parent post and got a response just now:
Use my userscript to add story images to Slashdot. There's no going back.