Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security The Internet

Netcraft Toolbar for Firefox Available 170

Posted by Zonk from the making-the-net-safe-for-democracy dept.
miller60 writes "Netcraft has just released the Firefox version of its anti-phishing toolbar, which blocks known phishing sites and suspicious urls, and displays the hosting information and risk rating for visited sites. Toolbar users have submitted more than 5,600 phishing sites since the IE version was released in late December."
This discussion has been archived. No new comments can be posted.

Netcraft Toolbar for Firefox Available More

Netcraft Toolbar for Firefox Available

Comments Filter:

  • Netcraft confirms.... (Score:5, Funny)

    by FriedTurkey ( 761642 ) * on Tuesday May 24, 2005 @04:40PM (#12627250)
    Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing

    Netcraft confirms that IE users will install spyware to combat phishing.

    • Re:Netcraft confirms.... (Score:5, Insightful)

      by NetNifty ( 796376 ) on Tuesday May 24, 2005 @04:42PM (#12627283) Homepage
      " Netcraft confirms that Firefox users are already smart enough to figure out if a site is phishing"

      Not necessarily, it isn't just geeks that use Firefox any more - I for one (and I'm sure many other /.ers have too) have installed Firefox for many other people who would be using IE otherwise.
    • "Toolbar users have submitted more than 5,600 phishing sites since the IE version was released in late December."

      If you're going to insult IE users, the least you could do is read the damned article caption. Jeez.
    • In related news, herds of Firefox users experienced difficulties installing the toolbar.
      Netcraft was not available for comment.
    • If you go read the toolbar's FAQs and privacy policies, they collect two kinds of information for every lookup: full name of website, and hash of full URL. They say they'll be well-behaved with the information, but they will disclose it to cops, lawsuits, and any corporate successors (e.g. if somebody buys them, they get the whole database with no obligation to protect policies.) So if you're surfing at www.your-competitor.com, and your competitor sues you, they can find out that you've been at their sit

  • Sweet! (Score:5, Funny)

    by Anonymous Coward on Tuesday May 24, 2005 @04:43PM (#12627288)
    Now I canfirm that *BSD is dying without navigating to a separate page!
    • Well, since I got a "timed out" when tried to download the linux/firefox toolbar, I guess NetCraft now confirms that NetCraft is dying ...

      I'm sure the phishers are working on a new, "improved" version even as we speak ...

  • Kudos Netcraft (Score:4, Insightful)

    by bogaboga ( 793279 ) on Tuesday May 24, 2005 @04:44PM (#12627297)
    "...Better late than never..."

    That aside; if it takes a company like Netcraft almost 6 months to come out with a Linux version, to me that's being slow to act. Thanx never-the-less to Netcraft.

    • I don't think the Firefox version is limited to Linux.

    • Re:Kudos Netcraft (Score:5, Interesting)

      by ProfaneBaby ( 821276 ) on Tuesday May 24, 2005 @04:54PM (#12627414)
      Speaking of 'slow', the IE version was so painfully slow that I uninstalled it after 2 days.

      I'm not sure if the load was because it was 'new' and popular, or if they didn't anticipate the number of downloads, but having the toolbar active would cause a 2-3 second delay in loading EVERY site. Very annoying.

      Hopefully they've found a way to fix that problem, either by fixing the code or adding hardware.
      • If the toolbar goes to Netcraft's server to query its DB if such-and-such is a bad site for every URL it visits, I can't imagine how slow it would run and how expensive their bandwidth bill would become, not to mention the privacy issues of telling Netcraft your every move on the web. Perhaps it works like antiviruses, with regular updates posted on the server that can (or should) be automatically downloaded. That should make it easy for bandwidth, and the updates can be made incremental so that you only ha
    • The real question is, will they be coming out with a *BSD version?

  • Soooon....... (Score:5, Funny)

    by cloudreader ( 801693 ) <cloudreaderzedd AT yahoo DOT com> on Tuesday May 24, 2005 @04:44PM (#12627300)
    there wont be any space in the browser to look at pages, only toolbars. someone has to come up with a toolbar organizing plugin may be?

    • Re:Soooon....... (Score:5, Funny)

      by StratoChief66 ( 841584 ) on Tuesday May 24, 2005 @04:47PM (#12627336) Homepage
      Of course... but it will take the form of another toolbar.
    • does it have to be a toolbar, why does it need to be visible at all times?
    • Or a toolbar toolbar.
    • Have you ever seen the IE screens of people that are a bit clueless? They will have an iShop toolbar, an Alexa toolbar, a Google toolbar, a Yahoo toolbar, and at least 2 or 3 other toolbars, plus another one altogether displaying "Hot new game" or something like that. Since most of them don't like "the words little" they have their computers at 800x600 resolution, meaning effectively they have about a 720x40 browsing area.
    • One toolbar to rule them all, and in the darkness bind them...
    • Parent is not just funny, it is insightful. There should be a +2 mod for that.

      When the unicode mapping exploit became known to me, I played around with the SpoofStick extension to Firefox, which mapped the unicode into punycode to make the phishing attempt more apparent. It worked as advertised, but aside from being unbelievably ugly, SpoofStick required creation of yet another toolbar. I use a laptop, so vertical screen space is at a premium. No more toolbars!!

      Fortunately, updated Firefox config opti
    • I don't really know why netcraft needs to be in the form of a toolbar. Why can't it be like AdBlock and put a small icon in lower right corner. I mean, it's not like a search engine where you actually need to have much intereaction with it.

      instead i suggest that they have a small icon on the lower right corner as suggested before. when the user is trying to access a known phishing site, either pop up a error box asking if user would like to continue, or redirect them to warning page. to submit phising site
    • To save screen space, how about a small animated character that pops up and warns you when you hit a phishing site and gives you a list of options? Symbolically, it could look like a fishhook or a bent piece of wire...
    • Simple solution: Write an HTML rendering toolbar that allows you to view webpages!
  • The trick is in persuading people to use them. Microsoft is in the best position to do this, and I applaud the techniques they released in SP2 to recommend basic firewalling and regular software updates, but it is still up to users to run a virus scanner, file integrity checker, and turn off services they don't require.

    A vegetarian diet is tastier and better for you than what most people eat, but it requires consciousness that there is a problem with the status quo and a dedication to change it. Similar

    • Re:There are enough security tools available... (Score:4, Funny)

      by 8086ed ( 876715 ) on Tuesday May 24, 2005 @04:47PM (#12627334)
      Vegetarians don't know how to eat, let alone how to use a toolbar.

    • A vegetarian diet is tastier and better for you than what most people eat

      Your point is well taken, but the "tastiness" of a vegetarian diet is very much a personal preference and the healthiness is a matter of your metabolism. A full 8% of the human race will slowly die without meat in their diet due to the lack of certain enzymes. As an aside, have you ever noticed how vegetarian meals often are imitations of meat or dairy products? I've seen vegetarian cheeseburgers and thought, "man, just buy the re

      • You also never see Imitation veggies made out of beef!
      • My sister is a vegetarian, and I get sick if I don't have meat. (Plus I'm allergic to onions and the green pepper family, so there goes at least half the easily available vegetarian options.) I'd never heard that 8% would die without meat in their diet, now I can tell Mom I'm not making it up!

        Vegetarian is definitely not better for me.

        My sister also happens to be the kind of person who needs this kind of protection for her computer, so I hope no one is trying to draw any parallels with that.
      • Actually, I'm not vegetarian, but I often buy various kinds of veggie burgers because I like them. They aren't the same as a 'real' burger (which I also like), but they have their own merits.

    • Vegetarians: The Other White Meat! (Score:4, Funny)

      by kaladorn ( 514293 ) on Tuesday May 24, 2005 @05:50PM (#12627954) Homepage Journal
      Tastier? I think that would be hard to substantiate objectively.

      I'd say with vast array of available animal protein out there (Bison, Ostrich, Gator, Cow, Pig, a huge variety of Fish (Cod, Halibut, Trout, Herring, Sardine, Mackerel, Talapia, Swordfish, Marlin, Tuna, Salmon, etc), other Aquatic life (Shrimp, Scallops, Lobster, Crab, Oysters, Octopus, etc), and various birds (Turkey, Chicken, Duck, Goose, Pheasant, Quail, etc)), there is little doubt that with proper preparation, you can have a vast variety of flavours. Yes, you can also have a vast variety of vegetable flavours (if they are prepared right), but if you think Vegetarian is tastier, it is either a personal preference or a very limited exposure to the range of animal-related meal items. Being an omnivore and fairly well travelled food-wise, I've sampled great vegetarian and carnivore dishes and couldn't imagine trying to say which was 'tastier'.

      As for healthy, vegetarian diets have some shortcomings. I've actually had one friend who was a Vegan ordered by her doctor to start eating meat again despite her best efforts to procure all the required nutrients and vital vitamins elsewhere. If I recall, one of the B complex vitamins was fairly hard to come by sufficiently without eating meat, despite various supplementations during any given year.

      Keep in mind as well that herbivores rule few food chains. Why? Because when worst comes to worst, an omnivore can eat plants *and* animals. A vegetarian that is rigidly so can only eat one out of two. The ominvores natural advantage is he can actually eat the vegetarians. Generally, the omnivore also recieves the benefit of concentration of food value up the food chain that predators do - the lower creatures in the chain (often herbivores) do a lot of the work concentrating food value and the predator reaps the reward.

      Or put another way, when you look at a salad, you don't see food, you see what food eats.

      We can all only make our own choices, but my ancestors worked for many millions of years to get to the top of the food chain, and that involved eating meat. I'm not about to dishonour that huge amount of effort and sacrifice :)

      To each his own, just keep in mind that when the end comes, one camp will be walking rations for the other.... :)
      • ...ominvores natural advantage is he can actually eat the vegetarians...

        I never thought of that! I wonder how they taste?

  • Petname toolbar (Score:5, Informative)

    by SiliconEntity ( 448450 ) on Tuesday May 24, 2005 @04:47PM (#12627325)
    I'd also like to remind people about the Petname Toolbar [waterken.com] from Tyler Close, which uses capability-security concepts.

    When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.

    It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!

    • Re:Petname toolbar (Score:3, Insightful)

      by Ochu ( 877326 )
      And anyone computer-savvy enough to be using firefox, downloading addons, making pet names, and then remembering to check won't be caught by a pisher anyway...

  • In the spirit of the Nietzche/God quote... (Score:5, Funny)

    by Anonymous Coward on Tuesday May 24, 2005 @04:47PM (#12627337)
    Slashdot is dead
    -Netcraft

    Netcraft is Slashdotted
    -Death

    (Stupid filters can't handle a well formatted joke...)

  • Wouldn't it be ironic... (Score:5, Funny)

    by $$CALL NOW ( 777965 ) on Tuesday May 24, 2005 @04:48PM (#12627345)
    if this was an imitation site tricking visitors into installing a malicious "toolbar" ?

  • Now if only I could get my people to use firefox (Score:5, Interesting)

    by 1967mustangman ( 883255 ) on Tuesday May 24, 2005 @04:49PM (#12627353)
    I work as a sysadmin and I recently sent out an e-mail about phishing just as a general warning. As I was walking around to the other offices one of my co-workers said she wished I had sent that out a week ago and that she had just recently been phished. I got htat from two other people in the course of my rounds (in an org of less than 50). Now if only I could get my people to adopt firefox........ They could join in the battle rather than being duped.

  • how well does this actually work (Score:5, Insightful)

    by JeanBaptiste ( 537955 ) on Tuesday May 24, 2005 @04:52PM (#12627385)
    no I havent tried it (don't really use phishing sites much myself ;)

    but "Toolbar users have submitted more than 5,600 phishing sites"

    aren't these phishing sites usually up for only a short time, like a couple days, before they get shut down? I would think that most the sites on the 'bad list' would be shut down by the time a user gets around to updating thier 'bad list' for their toolbar.

    just a guess.

  • First Impressions (Score:5, Informative)

    by DanCentury ( 110562 ) on Tuesday May 24, 2005 @04:57PM (#12627439)
    I wasn't too happy with it. I uninstalled it an hour or so after installing it.

    The anti-phishing feature ID'd just about every site I visited as a threat. In some cases it might be looking at images hosted on a different host, but I think it was choking on xhtml namespaces as well. I need to reinstall it too figure this out.

    I seems to add about 10-15 seconds to Firefox's start up time. I observed the same issue with the IE version. This was enough to uninstall the toolbar from both browsers.

    I value Netcraft's services, but I think I'll go directly to their site instead.
    • Okay: I tested it again. It isn't choking on namespaces. The problem might be that I'm looking at a page on my local intranet, and so it doesn't know what to make of it.

      Anyway...
    • I've noticed slow-down problems with the Netcraft Toolbar for IE, as well as A9 for Firefox. A9 causes a pause as I switch from one tab to another, as well as appearing to choke on https pages. Has anyone else experienced (or solved) this problem?
  • Installed this toolbar, then visited Slashdot, ad received:

    "The page you are trying to visit is using Cross-Site Scripting (XSS). This is a technique commonly used in phishing attacks."
    ...
    "If this is a mistake, please report it using the "Report Incorrect Blocked URL" in the Netcraft Menu."

    Of course, now it's starting to look like the reporting site is becoming /.ed, so of course that fails...

  • Netcraft toolbar function via javascript bookmark (Score:3, Interesting)

    by Ized ( 764731 ) on Tuesday May 24, 2005 @05:04PM (#12627516)
    Eventough the toolbar gives some additional features, the main function of seeing the site's "report" can be done in any browser with a mere javascript bookmarklet [bloggidity.com]. This example bookmarklet was available since last January.

  • It breaks tabbed browsing. (Score:5, Informative)

    by topher1kenobe ( 2041 ) on Tuesday May 24, 2005 @05:04PM (#12627525) Homepage
    According to aebrahim's head [ebrahim.org] it does some really bad things to tabbed browsing.
    • Confirmed, at least for the 20 minutes the toolbar was installed for me. Netcraft has a lot more porting to do to get a FF version of the toolbar working right. The toolbar doesn't appear to be aware of tabs itself and the other open tabs stopped updating the address bar when they are switched to. FYI: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 - Already submitted to Netcraft.

  • This looks like.. (Score:2, Interesting)

    by hass ( 869418 )
    A result of all the nagging /.ers that read this post --> http://yro.slashdot.org/article.pl?sid=05/05/02/18 8202&tid=158&tid=172&tid=95 [slashdot.org] I was one of the probably hundreds of people that e-mailed asking for a Firefox extension.

  • Needed? (Score:3, Interesting)

    by Ochu ( 877326 ) on Tuesday May 24, 2005 @05:15PM (#12627605) Homepage
    Haven't we established that this doesnt work anyway? I could swear that was what the last story on this was. Something about how every phisher will just make several sites anyway, and the massive problems with false positves... It's only real purpose is the nice feeling you get from reporting it, like spam.
  • Even the reporting page appears to have Cross-Site Scripting (XSS). Here's a screenshot [khopesh.com] as proof.

    hmm... i think i just reported myself as a phisher by following my own link...
    • Even the reporting page appears to have Cross-Site Scripting (XSS). Here's a screenshot as proof.

      So I sent in a bug report at the same time as the parent post and got a response just now:

      Thanks for the report.

      This was caused by an error in the toolbar which only became apparent if the toolbar server was overloaded, which is exactly what happened when firefox version was released.

      We have made a new release which should fix this problem. Could you please try Tools Menu -> Extensions, select th

  • It'll cost you your bandwidth, but it's not as much a threat to your geek identity... The lad vampire [aa419.org] DOS's phishing and fake bank sites.

  • well, at least toolbar.netcraft.com is

  • Alternate solution: (Score:3, Insightful)

    by deacon ( 40533 ) on Tuesday May 24, 2005 @05:52PM (#12627975) Journal
    Read your email in pine. No links. No images. No web-bugs.

    Press "h" on the keyboard to see the raw html of html email, including all the headers.

    It is very easy to spot fake emails once pine strips off all the glitzy fluff, and you look at the header of any emails that pass initial inspection.

  • In the spirit of disclosure, I am affilliated with http://www.fraudeliminator.com/ [fraudeliminator.com] but I can't help but point out that 80% of Netcraft's toolbar is devoted to promoting themselves and has nothing to do with preventing phishing. They also suggested that costco.com was a phishing site. I admit I like to fish around for new tools and toys there, but so far I got what I paid for. :)
  • EarthLink's Toolbar contains a module called ScamBlocker, which uses heuristic rules AND a white list AND a server-based black list to help you identify and avoid phisher sites. It's free, and it works even if you hide the toolbar in your browser.

    http://www.earthlink.net/software/free/toolbar/ [earthlink.net]

  • Why not just Tool Icons? (Score:3, Interesting)

    by CatMan79 ( 788170 ) on Tuesday May 24, 2005 @06:57PM (#12628743)
    I'm so sick of entire damned toolbars. Why not just a nice little Tool Icon that displays a menu when clicked on? Something neat like the RSS bookmarks in Firefox?

  • What to do when you're bored? Fish the phishers! (Score:4, Funny)

    by BetaJim ( 140649 ) on Tuesday May 24, 2005 @07:35PM (#12629111)

    I have a guilty pleasure, and I want to share it with everyone here. ;)

    I look forward to receiving a phishing email. In the past I would just delete the message, but no more! I always visit their web site and give all the information I can (all the info. I can make up that is!) I try my best the make the info look legit; the credit card, bank routing numbers, name, and address, everything!

    What better way to bring attention to these crooks than to have them try to access fraudulent accounts? I guess they may have a way to filter out the bogus info, but I have fun making their work more difficult. ;)

    Lately, I noticed that the phishers web pages contain some javascript code to checksum the credit card numbers. This was a downer, until I d/l'ed a CC number generator! Oh, now my fun could continue. I hope that more people will take up my pastime.

    • Here, have a ball. Try the script in my .sig.

  • Waterken Petname Tool [waterken.com]

    Need help avoiding phishing and spoofing attacks? The petname tool can help you keep it all straight by clearly distinguishing your online relationships.

    Using the petname tool, you can save a reminder note about a relationship you have with a site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using t

Slashdot Top Deals

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_

Close