Firefox 2.0 Wins Phishfight Against IE7 181
An anonymous reader writes "A new study that pitted the anti-phishing technology in Firefox 2.0 against that of IE7 generated some interesting results. From the Washingtonpost.com story: 'Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 locked 117 sites that Firefox did not.' Microsoft responded by pointing to its own supposed comparison study that put it in front of Mozilla and others in phish fighting, but the story notes: '3Sharp, the company that authored the Microsoft study, clearly state on their site that their goal in creating 3Sharp was "to use the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies to enhance the business of our customers."'"
You have to consider... (Score:5, Interesting)
looks a lot like huhcorp (Score:1, Interesting)
Firefox, or IE7? (Score:3, Interesting)
Which way finds one
The phish-free heaven?
Let browser, like foam
Be lynx: sans leaven
Burma Shave
Re:You have to consider... (Score:3, Interesting)
Its not specifically aimed to run a machine exploit (though some will involve overflowing the address bar), but to convince the user they are on a site they assume is safe.
slashdot.com.au might get some folks others might be fooled by slashdot.info or some other variation (like the whitehouse.com former porn site).
The attack vector is all in your head.
He mentions a whitelist. He must be joking. (Score:4, Interesting)
Hmm , so that would mean checking against a list of a few billion web
pages as opposed to a few hundred for the scam pages. Anyone spot the
teensy problem? I do wish that just occasionally journos would have a
small amount of knowledge in the area they're writing about.
Opera? (Score:2, Interesting)
Re:He mentions a whitelist. He must be joking. (Score:3, Interesting)
Firefox antiphising is far from perfect... (Score:5, Interesting)
fe, if you go to http://200.119.135.99/ebay/login5878/ [200.119.135.99] the pishing filter will warn you
but if you encode the IP with a unusual encoding
http://0xc8.0x77.0x87.0x63/ebay/login5878/ [0x77.0x87.0x63]
the phising filter will not kick in
They don't look for the obvious (Score:4, Interesting)
This semester I was a bit worried because I had heard IE 7 had new "anti-phishing technology." I thought IE would obviously check the text of the link against the target address, but that didn't happen. FireFox 2 doesn't either.
How hard would it be to check the text of a link against a regex for urls, then, if it is a url, check that the target is the same?