Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Netcraft Toolbar for Firefox Available

Posted by Zonk on Tue May 24, 2005 03:39 PM
from the making-the-net-safe-for-democracy dept.
Security The Internet
miller60 writes "Netcraft has just released the Firefox version of its anti-phishing toolbar, which blocks known phishing sites and suspicious urls, and displays the hosting information and risk rating for visited sites. Toolbar users have submitted more than 5,600 phishing sites since the IE version was released in late December."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Netcraft Toolbar for Firefox Available 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Netcraft confirms.... (Score:5, Funny)

    by FriedTurkey (761642) * on Tuesday May 24 2005, @03:40PM (#12627250)
    Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing

    Netcraft confirms that IE users will install spyware to combat phishing.

    • Re:Netcraft confirms.... (Score:5, Insightful)

      by NetNifty (796376) on Tuesday May 24 2005, @03:42PM (#12627283) Homepage
      " Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing"

      Not necessarily, it isn't just geeks that use Firefox any more - I for one (and I'm sure many other /.ers have too) have installed Firefox for many other people who would be using IE otherwise.

  • Sweet! (Score:5, Funny)

    by Anonymous Coward on Tuesday May 24 2005, @03:43PM (#12627288)
    Now I canfirm that *BSD is dying without navigating to a separate page!
    • Well, since I got a "timed out" when tried to download the linux/firefox toolbar, I guess NetCraft now confirms that NetCraft is dying ...

      I'm sure the phishers are working on a new, "improved" version even as we speak ...

  • Kudos Netcraft (Score:4, Insightful)

    by bogaboga (793279) on Tuesday May 24 2005, @03:44PM (#12627297)
    "...Better late than never..."

    That aside; if it takes a company like Netcraft almost 6 months to come out with a Linux version, to me that's being slow to act. Thanx never-the-less to Netcraft.

    • Re:Kudos Netcraft (Score:5, Interesting)

      by ProfaneBaby (821276) on Tuesday May 24 2005, @03:54PM (#12627414)
      Speaking of 'slow', the IE version was so painfully slow that I uninstalled it after 2 days.

      I'm not sure if the load was because it was 'new' and popular, or if they didn't anticipate the number of downloads, but having the toolbar active would cause a 2-3 second delay in loading EVERY site. Very annoying.

      Hopefully they've found a way to fix that problem, either by fixing the code or adding hardware.
    • The real question is, will they be coming out with a *BSD version?

  • Soooon....... (Score:5, Funny)

    by cloudreader (801693) <cloudreaderzedd AT yahoo DOT com> on Tuesday May 24 2005, @03:44PM (#12627300)
    there wont be any space in the browser to look at pages, only toolbars. someone has to come up with a toolbar organizing plugin may be?

  • Petname toolbar (Score:5, Informative)

    by SiliconEntity (448450) on Tuesday May 24 2005, @03:47PM (#12627325)
    I'd also like to remind people about the Petname Toolbar [waterken.com] from Tyler Close, which uses capability-security concepts.

    When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.

    It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!
    • And anyone computer-savvy enough to be using firefox, downloading addons, making pet names, and then remembering to check won't be caught by a pisher anyway...
      • "If a person is too stupid to realize whether or not they're logging into THEIR bank or not, perhaps they don't deserve the privilege of online banking"

        The scam that is scary is the bank of america scam where a bunch of miscreants copied the BOA website and had anyone typing in varieties of bankofamerica.com (I think one of them was bankofanerica.com ...)directed to their copy of the BOA website. (Identicle to the BOA website BTW)

        I am sure even you occasionally mistypes, and if you were not paying attent
      • If a person is too stupid to realize whether or not they're logging into THEIR bank or not, perhaps they don't deserve the privilege of online banking.
        DNS spoofing
        Spyware host file poisoning.
        Spyware taking over your entire browser, pointing you to sites you don't want.
        IE bug where what you see in address bar is not the site you're on.

        Phishing is a comlicated problem with multiple vectors. Saying that a user that doesn't know all vectors at every given time is stupid is unwarranted.

  • In the spirit of the Nietzche/God quote... (Score:5, Funny)

    by Anonymous Coward on Tuesday May 24 2005, @03:47PM (#12627337)
    Slashdot is dead
    -Netcraft

    Netcraft is Slashdotted
    -Death

    (Stupid filters can't handle a well formatted joke...)

  • Wouldn't it be ironic... (Score:5, Funny)

    by $$CALL NOW (777965) on Tuesday May 24 2005, @03:48PM (#12627345)
    if this was an imitation site tricking visitors into installing a malicious "toolbar" ?

  • Now if only I could get my people to use firefox (Score:5, Interesting)

    by 1967mustangman (883255) on Tuesday May 24 2005, @03:49PM (#12627353)
    I work as a sysadmin and I recently sent out an e-mail about phishing just as a general warning. As I was walking around to the other offices one of my co-workers said she wished I had sent that out a week ago and that she had just recently been phished. I got htat from two other people in the course of my rounds (in an org of less than 50). Now if only I could get my people to adopt firefox........ They could join in the battle rather than being duped.

  • how well does this actually work (Score:5, Insightful)

    by JeanBaptiste (537955) on Tuesday May 24 2005, @03:52PM (#12627385)
    no I havent tried it (don't really use phishing sites much myself ;)

    but "Toolbar users have submitted more than 5,600 phishing sites"

    aren't these phishing sites usually up for only a short time, like a couple days, before they get shut down? I would think that most the sites on the 'bad list' would be shut down by the time a user gets around to updating thier 'bad list' for their toolbar.

    just a guess.

  • First Impressions (Score:5, Informative)

    by DanCentury (110562) on Tuesday May 24 2005, @03:57PM (#12627439)
    I wasn't too happy with it. I uninstalled it an hour or so after installing it.

    The anti-phishing feature ID'd just about every site I visited as a threat. In some cases it might be looking at images hosted on a different host, but I think it was choking on xhtml namespaces as well. I need to reinstall it too figure this out.

    I seems to add about 10-15 seconds to Firefox's start up time. I observed the same issue with the IE version. This was enough to uninstall the toolbar from both browsers.

    I value Netcraft's services, but I think I'll go directly to their site instead.
  • Installed this toolbar, then visited Slashdot, ad received:

    "The page you are trying to visit is using Cross-Site Scripting (XSS). This is a technique commonly used in phishing attacks."
    ...
    "If this is a mistake, please report it using the "Report Incorrect Blocked URL" in the Netcraft Menu."

    Of course, now it's starting to look like the reporting site is becoming /.ed, so of course that fails...

  • Netcraft toolbar function via javascript bookmark (Score:3, Interesting)

    by Ized (764731) on Tuesday May 24 2005, @04:04PM (#12627516)
    Eventough the toolbar gives some additional features, the main function of seeing the site's "report" can be done in any browser with a mere javascript bookmarklet [bloggidity.com]. This example bookmarklet was available since last January.

  • It breaks tabbed browsing. (Score:5, Informative)

    by Nachtjäger (2041) on Tuesday May 24 2005, @04:04PM (#12627525) Homepage
    According to aebrahim's head [ebrahim.org] it does some really bad things to tabbed browsing.
    • Confirmed, at least for the 20 minutes the toolbar was installed for me. Netcraft has a lot more porting to do to get a FF version of the toolbar working right. The toolbar doesn't appear to be aware of tabs itself and the other open tabs stopped updating the address bar when they are switched to. FYI: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 - Already submitted to Netcraft.
  • A result of all the nagging /.ers that read this post --> http://yro.slashdot.org/article.pl?sid=05/05/02/18 8202&tid=158&tid=172&tid=95 [slashdot.org] I was one of the probably hundreds of people that e-mailed asking for a Firefox extension.

  • Needed? (Score:3, Interesting)

    by Ochu (877326) on Tuesday May 24 2005, @04:15PM (#12627605) Homepage
    Haven't we established that this doesnt work anyway? I could swear that was what the last story on this was. Something about how every phisher will just make several sites anyway, and the massive problems with false positves... It's only real purpose is the nice feeling you get from reporting it, like spam.
  • Even the reporting page appears to have Cross-Site Scripting (XSS). Here's a screenshot [khopesh.com] as proof.

    hmm... i think i just reported myself as a phisher by following my own link...
  • It'll cost you your bandwidth, but it's not as much a threat to your geek identity... The lad vampire [aa419.org] DOS's phishing and fake bank sites.

  • well, at least toolbar.netcraft.com is

  • Alternate solution: (Score:3, Insightful)

    by deacon (40533) on Tuesday May 24 2005, @04:52PM (#12627975) Journal
    Read your email in pine. No links. No images. No web-bugs.

    Press "h" on the keyboard to see the raw html of html email, including all the headers.

    It is very easy to spot fake emails once pine strips off all the glitzy fluff, and you look at the header of any emails that pass initial inspection.

  • Why not just Tool Icons? (Score:3, Interesting)

    by CatMan79 (788170) on Tuesday May 24 2005, @05:57PM (#12628743)
    I'm so sick of entire damned toolbars. Why not just a nice little Tool Icon that displays a menu when clicked on? Something neat like the RSS bookmarks in Firefox?

  • I have a guilty pleasure, and I want to share it with everyone here. ;)

    I look forward to receiving a phishing email. In the past I would just delete the message, but no more! I always visit their web site and give all the information I can (all the info. I can make up that is!) I try my best the make the info look legit; the credit card, bank routing numbers, name, and address, everything!

    What better way to bring attention to these crooks than to have them try to access fraudulent accounts? I guess they may have a way to filter out the bogus info, but I have fun making their work more difficult. ;)

    Lately, I noticed that the phishers web pages contain some javascript code to checksum the credit card numbers. This was a downer, until I d/l'ed a CC number generator! Oh, now my fun could continue. I hope that more people will take up my pastime.

      • yeah that is until you unintentionally enter a real account number and someone somewhere is the victim... perhaps one of those people out there that you wanted to help you in your quest generates your CC or bank account number an end up with no money in your account or a maxed out CC.... moron!

        I guess you don't know much about bank accounts or credit cards. What I'm doing is very safe. The likelihood of submitting a valid credit card number, expiration date, and verification number is very small. Espe

    • Re:There are enough security tools available... (Score:4, Funny)

      by 8086ed (876715) on Tuesday May 24 2005, @03:47PM (#12627334)
      Vegetarians don't know how to eat, let alone how to use a toolbar.

    • A vegetarian diet is tastier and better for you than what most people eat

      Your point is well taken, but the "tastiness" of a vegetarian diet is very much a personal preference and the healthiness is a matter of your metabolism. A full 8% of the human race will slowly die without meat in their diet due to the lack of certain enzymes. As an aside, have you ever noticed how vegetarian meals often are imitations of meat or dairy products? I've seen vegetarian cheeseburgers and thought, "man, just buy the re

      • You also never see Imitation veggies made out of beef!

          • Depends on the part of Asia. India does a lot of vegetarian stuff. Falaffel, samosas, various curries.

            English doesn't have a word for meat that isn't fish. It makes some foriegn diets sound like washed out vegetarian clones, but really they're only "vegetarian" because the English language doesn't have a better word for it.

            Not that I'm vegetarian... not that there's anything wrong with that.

          • Well, I'm asian and I can assure you that until I'd come to the US, the only animal related products I'd had was dairy related - milk, cheese and yoghurt.

            Surprisingly, we are quite strict about how we define vegetarian, as well (for instance, folks in the US mysteriously add eggs and mushrooms under vegetarian items -- duh!!!).

            And all the food I'd had was quite tasty, well flavoured and spicy, thank you very much. The meat-imitations that you'd mentioned are for the benefit of meat eaters converting to ve
            • I have not problem with calling eggs, milk, or mushrooms vegetarian. I can see your point since they are not plants but then you could say the same about dairy. What drives me crazy is when people eat fish and claim to be vegetarian. That and "ORGANIC" salt! What you consider vegetarian is what people in the use usually call vegan.
              I was vegetarian for a two years and it helped me loose 40lbs. If you like it go for it.
              Back on subject. Get a list of these Phishing sites? I would love to block them at my gat
    • Tastier? I think that would be hard to substantiate objectively.

      I'd say with vast array of available animal protein out there (Bison, Ostrich, Gator, Cow, Pig, a huge variety of Fish (Cod, Halibut, Trout, Herring, Sardine, Mackerel, Talapia, Swordfish, Marlin, Tuna, Salmon, etc), other Aquatic life (Shrimp, Scallops, Lobster, Crab, Oysters, Octopus, etc), and various birds (Turkey, Chicken, Duck, Goose, Pheasant, Quail, etc)), there is little doubt that with proper preparation, you can have a vast variety of flavours. Yes, you can also have a vast variety of vegetable flavours (if they are prepared right), but if you think Vegetarian is tastier, it is either a personal preference or a very limited exposure to the range of animal-related meal items. Being an omnivore and fairly well travelled food-wise, I've sampled great vegetarian and carnivore dishes and couldn't imagine trying to say which was 'tastier'.

      As for healthy, vegetarian diets have some shortcomings. I've actually had one friend who was a Vegan ordered by her doctor to start eating meat again despite her best efforts to procure all the required nutrients and vital vitamins elsewhere. If I recall, one of the B complex vitamins was fairly hard to come by sufficiently without eating meat, despite various supplementations during any given year.

      Keep in mind as well that herbivores rule few food chains. Why? Because when worst comes to worst, an omnivore can eat plants *and* animals. A vegetarian that is rigidly so can only eat one out of two. The ominvores natural advantage is he can actually eat the vegetarians. Generally, the omnivore also recieves the benefit of concentration of food value up the food chain that predators do - the lower creatures in the chain (often herbivores) do a lot of the work concentrating food value and the predator reaps the reward.

      Or put another way, when you look at a salad, you don't see food, you see what food eats.

      We can all only make our own choices, but my ancestors worked for many millions of years to get to the top of the food chain, and that involved eating meat. I'm not about to dishonour that huge amount of effort and sacrifice :)

      To each his own, just keep in mind that when the end comes, one camp will be walking rations for the other.... :)

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.