Firefox 2.0 Wins Phishfight Against IE7

An anonymous reader writes "A new study that pitted the anti-phishing technology in Firefox 2.0 against that of IE7 generated some interesting results. From the Washingtonpost.com story: 'Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 locked 117 sites that Firefox did not.' Microsoft responded by pointing to its own supposed comparison study that put it in front of Mozilla and others in phish fighting, but the story notes: '3Sharp, the company that authored the Microsoft study, clearly state on their site that their goal in creating 3Sharp was "to use the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies to enhance the business of our customers."'"

You have to consider...

[otacon]

that most phising sites are designed to circumvent Internet Explorer, since it is the most common internet browser, and practically the only browser for 'clueless' users, especially the ones that would be victims to a phishing site.

looks a lot like huhcorp

[Anonymous Coward]

That 3Sharp site [3sharp.com] look a lot like huhcorp [huhcorp.com].

Firefox, or IE7?

[smittyoneeach]

Firefox, or IE7?
Which way finds one
The phish-free heaven?
Let browser, like foam
Be lynx: sans leaven
Burma Shave

Re:You have to consider...

[LiquidCoooled]

I thought the aim of a phishing site was to circumvent the user?
Its not specifically aimed to run a machine exploit (though some will involve overflowing the address bar), but to convince the user they are on a site they assume is safe.

slashdot.com.au might get some folks others might be fooled by slashdot.info or some other variation (like the whitehouse.com former porn site).
The attack vector is all in your head.

He mentions a whitelist. He must be joking.

[Viol8]

The author of the piece suggests a whitelist must be more practical.
Hmm , so that would mean checking against a list of a few billion web
pages as opposed to a few hundred for the scam pages. Anyone spot the
teensy problem? I do wish that just occasionally journos would have a
small amount of knowledge in the area they're writing about.

Opera?

[elcid73]

I didn't RTA, nor do I have OPera's 9.1TP installed with fraud protection, but I'd be interested in how it fares.

Re:He mentions a whitelist. He must be joking.

[Bill Dimm]

First, it would be a list of domain names rather than webpages, so millions instead of billions. Second, it is only really important to whitelist sites where sensitive information is entered (banks, sites taking credit cards, etc.), so even fewer sites. Finally, the browser could cache the lookup results for the sites you've visited in the past, so it would only need to do a lookup when you visit a site you haven't been to before, like when you accidently go to mybanc.com when you should be at mybank.com. Not really worse than the lookups your browser does to translate domain names into IP addresses.

Firefox antiphising is far from perfect...

[diegocgteleline.es]

...at least until they fix bug #356355 , which "jumps" the antiphising filter

fe, if you go to http://200.119.135.99/ebay/login5878/ [200.119.135.99] the pishing filter will warn you

but if you encode the IP with a unusual encoding

http://0xc8.0x77.0x87.0x63/ebay/login5878/ [0x77.0x87.0x63]

the phising filter will not kick in

They don't look for the obvious

[cvd6262]

I teach a college course for teaching majors. Each year I do a phishing demonstration where I post a bunch of links on my blog, including one to the university's intranet. The links are all full paths (http://...), but the href in the intranet link points to a different server. When the students try to login, they get a message about phishing.

This semester I was a bit worried because I had heard IE 7 had new "anti-phishing technology." I thought IE would obviously check the text of the link against the target address, but that didn't happen. FireFox 2 doesn't either.

How hard would it be to check the text of a link against a regex for urls, then, if it is a url, check that the target is the same?