Netcraft Toolbar for Firefox Available

miller60 writes "Netcraft has just released the Firefox version of its anti-phishing toolbar, which blocks known phishing sites and suspicious urls, and displays the hosting information and risk rating for visited sites. Toolbar users have submitted more than 5,600 phishing sites since the IE version was released in late December."

Netcraft confirms....

Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing

Netcraft confirms that IE users will install spyware to combat phishing.

Re:Netcraft confirms....

" Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing"

Not necessarily, it isn't just geeks that use Firefox any more - I for one (and I'm sure many other /.ers have too) have installed Firefox for many other people who would be using IE otherwise.

Sweet!

Now I canfirm that *BSD is dying without navigating to a separate page!

Kudos Netcraft

"...Better late than never..."

That aside; if it takes a company like Netcraft almost 6 months to come out with a Linux version, to me that's being slow to act. Thanx never-the-less to Netcraft.

Re:Kudos Netcraft

Speaking of 'slow', the IE version was so painfully slow that I uninstalled it after 2 days.

I'm not sure if the load was because it was 'new' and popular, or if they didn't anticipate the number of downloads, but having the toolbar active would cause a 2-3 second delay in loading EVERY site. Very annoying.

Hopefully they've found a way to fix that problem, either by fixing the code or adding hardware.

Soooon.......

there wont be any space in the browser to look at pages, only toolbars. someone has to come up with a toolbar organizing plugin may be?

Re:Soooon.......

Of course... but it will take the form of another toolbar.

There are enough security tools available...

The trick is in persuading people to use them. Microsoft is in the best position to do this, and I applaud the techniques they released in SP2 to recommend basic firewalling and regular software updates, but it is still up to users to run a virus scanner, file integrity checker, and turn off services they don't require.

A vegetarian diet is tastier and better for you than what most people eat, but it requires consciousness that there is a problem with the status quo and a dedication to change it. Similarly it is easier to run a computer packed full of spyware and viruses than it is to research the problem and patch the holes. That's up to the end user, but they first need to be aware of the problems -- and it's up to people like us to wake them up.

Re:There are enough security tools available...

Vegetarians don't know how to eat, let alone how to use a toolbar.

Vegetarians: The Other White Meat!

Tastier? I think that would be hard to substantiate objectively.

I'd say with vast array of available animal protein out there (Bison, Ostrich, Gator, Cow, Pig, a huge variety of Fish (Cod, Halibut, Trout, Herring, Sardine, Mackerel, Talapia, Swordfish, Marlin, Tuna, Salmon, etc), other Aquatic life (Shrimp, Scallops, Lobster, Crab, Oysters, Octopus, etc), and various birds (Turkey, Chicken, Duck, Goose, Pheasant, Quail, etc)), there is little doubt that with proper preparation, you can have a vast variety of flavours. Yes, you can also have a vast variety of vegetable flavours (if they are prepared right), but if you think Vegetarian is tastier, it is either a personal preference or a very limited exposure to the range of animal-related meal items. Being an omnivore and fairly well travelled food-wise, I've sampled great vegetarian and carnivore dishes and couldn't imagine trying to say which was 'tastier'.

As for healthy, vegetarian diets have some shortcomings. I've actually had one friend who was a Vegan ordered by her doctor to start eating meat again despite her best efforts to procure all the required nutrients and vital vitamins elsewhere. If I recall, one of the B complex vitamins was fairly hard to come by sufficiently without eating meat, despite various supplementations during any given year.

Keep in mind as well that herbivores rule few food chains. Why? Because when worst comes to worst, an omnivore can eat plants *and* animals. A vegetarian that is rigidly so can only eat one out of two. The ominvores natural advantage is he can actually eat the vegetarians. Generally, the omnivore also recieves the benefit of concentration of food value up the food chain that predators do - the lower creatures in the chain (often herbivores) do a lot of the work concentrating food value and the predator reaps the reward.

Or put another way, when you look at a salad, you don't see food, you see what food eats.

We can all only make our own choices, but my ancestors worked for many millions of years to get to the top of the food chain, and that involved eating meat. I'm not about to dishonour that huge amount of effort and sacrifice :)

To each his own, just keep in mind that when the end comes, one camp will be walking rations for the other.... :)

Petname toolbar

I'd also like to remind people about the Petname Toolbar [waterken.com] from Tyler Close, which uses capability-security concepts.

When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.

It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!

In the spirit of the Nietzche/God quote...

Slashdot is dead
-Netcraft

Netcraft is Slashdotted
-Death

(Stupid filters can't handle a well formatted joke...)

Mozilla on FreeBSD confirms

Netcraft is dying....

Wouldn't it be ironic...

if this was an imitation site tricking visitors into installing a malicious "toolbar" ?

Now if only I could get my people to use firefox

I work as a sysadmin and I recently sent out an e-mail about phishing just as a general warning. As I was walking around to the other offices one of my co-workers said she wished I had sent that out a week ago and that she had just recently been phished. I got htat from two other people in the course of my rounds (in an org of less than 50). Now if only I could get my people to adopt firefox........ They could join in the battle rather than being duped.

Re:Now if only I could get my people to use Firefo

at which point you show them the clause in the employment contract that says "our computers are only avaliable for you to do actual work on", then go to slashdot and post about it.

how well does this actually work

no I havent tried it (don't really use phishing sites much myself ;)

but "Toolbar users have submitted more than 5,600 phishing sites"

aren't these phishing sites usually up for only a short time, like a couple days, before they get shut down? I would think that most the sites on the 'bad list' would be shut down by the time a user gets around to updating thier 'bad list' for their toolbar.

just a guess.

First Impressions

I wasn't too happy with it. I uninstalled it an hour or so after installing it.

The anti-phishing feature ID'd just about every site I visited as a threat. In some cases it might be looking at images hosted on a different host, but I think it was choking on xhtml namespaces as well. I need to reinstall it too figure this out.

I seems to add about 10-15 seconds to Firefox's start up time. I observed the same issue with the IE version. This was enough to uninstall the toolbar from both browsers.

I value Netcraft's services, but I think I'll go directly to their site instead.

What the toolbar thinks of Slashdot...

Installed this toolbar, then visited Slashdot, ad received:

"The page you are trying to visit is using Cross-Site Scripting (XSS). This is a technique commonly used in phishing attacks."
...
"If this is a mistake, please report it using the "Report Incorrect Blocked URL" in the Netcraft Menu."

Of course, now it's starting to look like the reporting site is becoming /.ed, so of course that fails...

Netcraft toolbar function via javascript bookmark

Eventough the toolbar gives some additional features, the main function of seeing the site's "report" can be done in any browser with a mere javascript bookmarklet [bloggidity.com]. This example bookmarklet was available since last January.

It breaks tabbed browsing.

According to aebrahim's head [ebrahim.org] it does some really bad things to tabbed browsing.

This looks like..

A result of all the nagging /.ers that read this post --> http://yro.slashdot.org/article.pl?sid=05/05/02/18 8202&tid=158&tid=172&tid=95 [slashdot.org] I was one of the probably hundreds of people that e-mailed asking for a Firefox extension.

Needed?

Haven't we established that this doesnt work anyway? I could swear that was what the last story on this was. Something about how every phisher will just make several sites anyway, and the massive problems with false positves... It's only real purpose is the nice feeling you get from reporting it, like spam.

buggy as hell ... every page i go to phishes!

Even the reporting page appears to have Cross-Site Scripting (XSS). Here's a screenshot [khopesh.com] as proof.

hmm... i think i just reported myself as a phisher by following my own link...

Fix the problem...

It'll cost you your bandwidth, but it's not as much a threat to your geek identity... The lad vampire [aa419.org] DOS's phishing and fake bank sites.

BSD confirms Netcraft is dead

well, at least toolbar.netcraft.com is

Alternate solution:

Read your email in pine. No links. No images. No web-bugs.

Press "h" on the keyboard to see the raw html of html email, including all the headers.

It is very easy to spot fake emails once pine strips off all the glitzy fluff, and you look at the header of any emails that pass initial inspection.

Functionality is buried in Advertising

In the spirit of disclosure, I am affilliated with http://www.fraudeliminator.com/ [fraudeliminator.com] but I can't help but point out that 80% of Netcraft's toolbar is devoted to promoting themselves and has nothing to do with preventing phishing. They also suggested that costco.com was a phishing site. I admit I like to fish around for new tools and toys there, but so far I got what I paid for. :)

EarthLink's Toolbar has done this for a year+

EarthLink's Toolbar contains a module called ScamBlocker, which uses heuristic rules AND a white list AND a server-based black list to help you identify and avoid phisher sites. It's free, and it works even if you hide the toolbar in your browser.

http://www.earthlink.net/software/free/toolbar/ [earthlink.net]

Why not just Tool Icons?

I'm so sick of entire damned toolbars. Why not just a nice little Tool Icon that displays a menu when clicked on? Something neat like the RSS bookmarks in Firefox?

Crying wolf?

I installed the Netcraft toolbar and promptly uninstalled it. Every single site I visited caused a popup warning about cross-site scripting... this included CNN.com, a couple of webcomics and my company's internal web sites. What's the use of an application that flags EVERY web site as potentially hostile? I can be paranoid on my own, thank you.

What to do when you're bored? Fish the phishers!

I have a guilty pleasure, and I want to share it with everyone here. ;)

I look forward to receiving a phishing email. In the past I would just delete the message, but no more! I always visit their web site and give all the information I can (all the info. I can make up that is!) I try my best the make the info look legit; the credit card, bank routing numbers, name, and address, everything!

What better way to bring attention to these crooks than to have them try to access fraudulent accounts? I guess they may have a way to filter out the bogus info, but I have fun making their work more difficult. ;)

Lately, I noticed that the phishers web pages contain some javascript code to checksum the credit card numbers. This was a downer, until I d/l'ed a CC number generator! Oh, now my fun could continue. I hope that more people will take up my pastime.

It's nice to see the conversion effort being made

Even if the program is kind of meh. The more tools floating around to stop this stuff the better.

Sure, many firefox users are already careful enough browsers that they don't stumble into bad stuff often, but as another post put it, there are a lot who aren't and tools like these help protect them.

A classic example? 2 months ago my friend's computer was so hosed by spyware and spam that he had me reformat it. I had already done this for him 4 times in the past so this time I was determined to protect him from himself!

4 hours of careful implementation later I had done it. Using a combination of free software from avg to spybot to firefox to personal firewalls to windows auto-update to a router to act as a hardware firewall, I set him up with every bit of automated protection I could.

He lost about 10% max performance from it all. But, he never noticed the difference because before hand his computer was so riddled with spyware and viruses that he was barely getting 50% performance.

End result? I visited him yesterday for the first time in 2 months. Every piece of software on his computer was updated, his system was totally clean, and get this, he was learning how to use the software himself and becoming a knowledgable computer user because he could be safely productive on his machine. Mission accomplished! Thats what this sort of software is designed for. It isn't for us slashdotters, its for us slashdotters to use to help protect others. And the more options we get, the better.

Yet-Another-Toolbar

I have the bookmarks toolbar, the google toolbar, the yahoo toolbar, the spoofstick toolbar, the netcraft toolbar, the web developer toolbar, the advanced navigation toolbar, and the super duper 1337 toolbar.I wanted some more toolbars, I saw some good ones recently...I got no space left for web browsing, but who needs that when I got my toolbars.

A real anti-phishing, anti-spoofing toolbar

Waterken Petname Tool [waterken.com]

Need help avoiding phishing and spoofing attacks? The petname tool can help you keep it all straight by clearly distinguishing your online relationships.

Using the petname tool, you can save a reminder note about a relationship you have with a site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using the same site you have in the past.

If you're interested in the rationale behind it, read the whitepaper [waterken.com]. No dependence on/vulnerability to any centralized 'authority' to decide what constitutes a 'malicious site'.

real estate: bar not stackable on other bars

the bar reduces my screen real estate further. the problem with bars in netscape/mozilla/firefox is that the bar cannot be shifted like in IE, so that i can have >= 2 partial bars stacked in one row.

i am no programmer, and i know the development platform or widget or whatever you call it that is used in mozilla is different than in IE. but i would like the bars in mozilla/firefox that are movable and stackable.... one menu bar, one back/forward bar, and one bookmark/link bar is the maximum i can stand.

Re:Spoofstick

yeah spoofstick is really nice since it just puts the URL of the site or IP or whatever you are really on

Re:Let's get this out of the way...

Netcraft confirms SQL is dead [slashdot.org].

Re:Warning: bad software

I agree. Installed it, tried it, saw that it was basically an ad, uninstalled it,. I guess I'll simply add etcraft to the list of companies I don't do business with.