Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Software

Netcraft Releases Anti-Phishing Toolbar 236

Posted by michael from the safety-first dept.
AgainstHate writes "Netcraft has released an Anti-Phishing Toolbar that provides detailed information about the website you are visiting (sites' hosting location, country, longevity and popularity) at all times to help users to validate fraudulent URLs. It also natively traps cross site scripting and other suspicious URLs. The toolbar also enables users to report phishing attacks to Netcraft, thus blocking any other unsuspecting users from being harmed (Netcraft supervisor validation is used to contain the impact of any false reporting). Currently the toolbar is only available for IE but a Firefox version is under development."
This discussion has been archived. No new comments can be posted.

Netcraft Releases Anti-Phishing Toolbar More

Netcraft Releases Anti-Phishing Toolbar

Comments Filter:

  • Nostradamus Predicts (Score:5, Insightful)

    by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Thursday December 30, 2004 @11:42AM (#11218998) Homepage Journal
    This will have little affect because:

    1) The people who really need it will never hear about it.

    2) Even if 1 fails to return true, the people who really need it will never be able to find it amongst the 82 other toolbars that various companies have so helpfully installed for the sucke.... uh... users.

    • Re:Nostradamus Predicts (Score:5, Interesting)

      by Gentlewhisper ( 759800 ) on Thursday December 30, 2004 @11:48AM (#11219069)
      They really don't need a firefox version anyway..

      People who use firefox fall under those who don't really need it :)

      • Re:Nostradamus Predicts (Score:5, Insightful)

        by The Snowman ( 116231 ) * on Thursday December 30, 2004 @11:55AM (#11219138)

        They really don't need a firefox version anyway..

        People who use firefox fall under those who don't really need it :)

        Maybe for the time being. Right now, Firefox largely is a geek browser. However, recent news shows that it is becoming more popular and mainstream. Software can only do so much to curb user ignorance. Firefox is not perfect, nor does it stop phishing and other scams. Plugins, such as this toolbar, could help prevent Joe Sixpack from scammers and phishers. After seeing enough message boxes about malicious sites, hopefully he will learn the skills he needs so he will not need the toolbar anymore.

        If Firefox does not keep the scammers and phishers away, new users will abandon it and go back to what they already know: IE.

        • Re:Nostradamus Predicts (Score:5, Insightful)

          by RangerRick98 ( 817838 ) on Thursday December 30, 2004 @12:06PM (#11219244) Journal
          Software can only do so much to curb user ignorance.

          You make the point very well right there. I don't care what features a browser includes to curb scamming and phishing and the like, if the users don't pay attention to what they're doing it won't make a bit of difference. Toolbars are out of the way and require a conscious decision to check them, and so they probably won't do any good, and popup messages are so common for the most mundane of errors that a lot of users I know won't even read it before clicking OK, even if it's a popup they know they haven't seen before.

          Users need to learn not to assume their computer and the Internet are safe and instead educate themselves on how to recognize scams themselves.

          • Re:Nostradamus Predicts (Score:5, Interesting)

            by The Snowman ( 116231 ) * on Thursday December 30, 2004 @12:19PM (#11219358)

            Users need to learn not to assume their computer and the Internet are safe and instead educate themselves on how to recognize scams themselves.

            Yes, but users don't always want to learn. The old saying "ignorance is bliss" is true. Maybe I am jaded from dealing with computer customers and users for so long, but I think most people really don't want to learn those skills. They would rather have someone else or the software do it.

            Most people would rather have someone else change the oil in their cars, even though it takes 10 minutes and half the money than professionals charge. I have changed stuff like alternators, lights, belts, etc. for far less money than professionals would charge. However, most people do not want to spend the time to learn how. Just the same, people would rather trust the professionals to keep them safe in their web browser rather than learning how to do it themselves.

            • Yes, but users don't always want to learn

              That's very true. I don't know why there's this mentality among users that the computer is responsible for keeping all the bad guys out while letting the good stuff in and requiring no human component to that. I can't come up with a good analogy to explain my point, but why is it that computers are expected to be able to fend for themselves and protect their users when no other product has the same responsibility?

            • You're underestimating the effort involved. (Score:5, Insightful)

              by sean.peters ( 568334 ) on Thursday December 30, 2004 @12:55PM (#11219711) Homepage
              Most people would rather have someone else change the oil in their cars, even though it takes 10 minutes and half the money than professionals charge.

              Hogwash.

              • driving to the auto parts place to get oil, filters, etc - 20 minutes
              • draining oil, removing filter, installing new filter, adding oil - 10 minutes for this step only if you do this for a living. At least 15 minutes for ordinary mortals.
              • Driving halfway across the county to the only place that will take used oil for recycling - 45 minutes
              • Washing the clothes that got dirty while working on car - 30 minutes (with the possibility of doing other things during wash/dry cycle)
              • 45 minutes/$30 spent getting Jiffy Lube to do it, while I shop, read, etc... priceless

              Yes, I changed my own oil for years. Now I have better things to do with my life. Change a few words around in this reasoning, and you'll understand why "most people" don't want to fool around with their computers.

              Sean

              • One to add to your list--owning proper jackstands and wheel chocks. You're not supposed to do all this underneath the included wheel jack, y'know. I agree with the point the grandparent was trying to make but he picked a reeeeally bad example.
              • I don't take my vehicle to jiffy lube because the guys working in those shops, usually with one exception, don't know shit and are likely to fuck up your vehicle. There is usually one guy who works for any given shop like that who knows anything about anything and he's never there.

                True stories of Jiffy Lube include coolant being put in the fucking engine through the oil cap, oil in the automatic trans and trans fluid in the engine, and an unending series of untightened or uninstalled filler caps and drain

              • Hogwash:
                • driving to the auto parts place to get oil, filters, etc - 20 minutes for the first visit, buy enough for 2 or 3 changes. Do it while you are already out, when you start nearing the next change.
                • draining oil, removing filter, installing new filter, adding oil - 10 minutes is plenty. As long as you didn't go to the jiffy lube and have superman crank down the filter and oil plug, that is.
                • Driving halfway across the county to the only place that will take used oil for recycling - I have to admit
            • Yes, but users don't always want to learn. The old saying "ignorance is bliss" is true.

              More to the point, once you put a "trusted and automatic" mechanism in place, it won't take long before that gets exploited such that scammers will have people falsely believing they are safe. I think that situation is infinitely worse.

              As my ju-jutsu sensei used to say, the fundamental problem is that people want to live in a constant state of "condition green" (everything is reasonably safe, except for the odd natura
            • I agree. I find the idea of people on Slashdot complaining that users do not educate themselves kind of interesting... considering the recent Slashdot poll on Dec 28: "When do you read the instructions?" [slashdot.org]

              Basically around half the respondants said they do not read the instructions, or only pay cursory attention to them if they do (i.e. they may read the quickstart guide, or not even that... unless something blows up). If only half of the supposedly educated people on Slashdot read the instructions, why shou

            • I have a Ford. that means i don't need to change my oil on my own. I just get the shop to do it every 5K miles when i bring it in to get the engine fixed. Along with a new intake manifold, they changed the oil for me too!
          • Users need to learn not to assume their computer and the Internet are safe and instead educate themselves on how to recognize scams themselves.

            The problem with this logic is that the phishing scams are so good, many "educated" users can't tell the difference. Take for instance the phishing scams that pop-up an image over the URL bar (with no borders) that makes the page look like http://www.citibank.com/ with a login page identical to the real thing. Of course, in the real URL bar, www.hackers-r-us.com
            • phishing scams that pop-up an image over the URL bar (with no borders)

              In this case I will say 100% that that is a problem with the web browser and clearly needs to be remedied in the software. No browser should allow a site to mask its URL. Most phishing scams I've heard of are less sophisticated than that, but then again, it's been a while since I've had to deal with them.

            • The problem with this logic is that the phishing scams are so good, many "educated" users can't tell the difference. Take for instance the phishing scams that pop-up an image over the URL bar (with no borders) that makes the page look like http://www.citibank.com/ with a login page identical to the real thing. Of course, in the real URL bar, www.hackers-r-us.com shows up, but it's covered with the image of a legitimate URL. You can't expect users to be able to identify this, and you can't really call this

          • When download servers points to sites that does not have a fqdn, e.g. when downloading mozilla, do you pay attention?
          • Why not make it so that it automatically blocks access to the sites.
            i.e. anytime you access a known scam site (with a continually updated database where entries are checked to make sure they are scam sites), it will block access to it with a "cant access this site" message of some kind.
            If you really want to access the site, there should be a way to do it but a way that is difficult to use (so that most newbies wont be able to find out how to use it) and it should have many warnings about why accessing a kno
        • Maybe for the time being. Right now, Firefox largely is a geek browser. However, recent news shows that it is becoming more popular and mainstream.

          This really hit home with me over the Christmas holidays. I was down in Arkansas visiting relatives (I'm out of Chicago now), and I overheard two of my uncles talking about "Fox Fire, or something like that". Turns out that one of my uncles had already switched to Firefox AND Thunderbird. He had never heard of tabbed browsing, he was just tired of the "crap fr

      • Re:Nostradamus Predicts (Score:5, Interesting)

        by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Thursday December 30, 2004 @11:58AM (#11219155) Homepage Journal
        Not true at all. I happen to be the proud owner of a very serious exploit in the shopping cart of a major online retailer - an exploit of a simple-fix problem they refuse to even look at.

        The gist is this - there's a variable in the GET string of the cart which does no input sanitization or checking at all. I derived a GET string which caused an invisible iframe to be embedded in the shopping cart page of this retailer. Inside the iframe, however, was a page pointing to one of my sites on which a fake form resided. The page/form claimed you would "Get a free gift for only 99 cents S&H" and asked for name, address, phone number, and credit card. The ONLY indicator that it's fake is:

        1. The hard to read GET string which, if you know HTML and the concept of CGI, you could figure out points to a "bad" page if you looked at it.

        2. The javascript alert that says "owned" after you click the "submit" button.

        I even photoshopped some of their own button graphics and used their CSS files to maintain the look of the site.

        They have yet, after almost a year, to fix the problem.

        Firefox is just as vulnerable as anything else, and this particularly nasty XSS attack was fairly hard to detect. Do not rely on your browser to save you from yourself.
        • The alert needs to say "pwned". Then they'll ph34r your skillz (or something) and try and get your local police force to raid your house.

      • Re:Nostradamus Predicts (Score:5, Informative)

        by computational super ( 740265 ) on Thursday December 30, 2004 @12:17PM (#11219335)

        Hmmmm... I'm almost afraid to admit this, but I'm a Firefox user who might be able to use this. There's a lot of information there that I've never been able to figure out how to determine using publicly available resources. According to TFA, Netcraft will report site, domain, ip address, country, date first seen, organization, last reboot, netblock owner, site rank, name server, DNS admin, and reverse DNS. Obviously I can use nslookup to figure out the IP address, and internic.net to look up the domain and figure out name server, dns admin, etc. but country? netblock owner? Date first seen?

        The example shown in TFA, for example, shows netcraft.com being hosted in the UK... obviously, this is more sophisticated than just checking to see if the domain is co.uk. It seems like they actually are providing some value by maintaining a database... figuring out the hosting country from an IP address is supposed to be impossible.

        Of course, I'm not downloading anything until I've seen it reviewed for a while to see if the database they're maintaining is useful in any way, shape or form - if 99% of the sites aren't in their database (and they're just showing me WHOIS lookups), then yeah, I guess I fall into the "don't really need it" category.

      • "They really don't need a firefox version anyway.. People who use firefox fall under those who don't really need it :)"

        Oh yeah? How did you do on this quiz [mailfrontier.com]?
        • Huh. What a bizarre quiz.

          "We're back with 10 new suspect "phish" fresh from our collection - all actually received by real people like you. Whether you're brand new or a repeat tester, the question is the same: If you received one of these emails in your inbox - what would you do?"

          My answer is, of course, I'd read it if it was related to a company I do business with, and then go to their website (on my own) to find out what's going on. I would not ever click a link in the email. Parsing emails for HTML is
      • Actually, in a way, they already have it...SpoofStick [mozilla.org] is an extension that'll help detect spoofed sites.
    • 1) The people who really need it will never hear about it.

      My first reaction to this was similar, shouldn't this be built into the browser ?.
    • Comment removed based on user account deletion

  • Sounds like (Score:2, Insightful)

    by Gr8Apes ( 679165 )
    something you'd look at initially, get used to, and quickly ignore.

    • Adware? (Score:5, Informative)

      by plover ( 150551 ) * on Thursday December 30, 2004 @11:54AM (#11219128) Homepage Journal
      Not necessarily: did you read the EULA?

      8 Advertising and sponsorship

      Part of the Toolbar may contain advertising and sponsorship. Advertisers and sponsors are responsible for ensuring that material submitted for inclusion on the Toolbar complies with relevant laws and codes. We will not be responsible for any error or inaccuracy in advertising and sponsorship material.

      So, be warned: it may contain some kind of adware, and it may be the kind you find hard to ignore. I'm not installing it until I know more.

      • Re:Adware? (Score:2, Insightful)

        by myukew ( 823565 )
        excellent. could've been my idea! let's stop all the other phishers so we can phish more effectively!

        That's what I call a good strategy
      • Part of the Toolbar may contain advertising and sponsorship.

        Ha! I suspected this as soon as I saw that it was coming out for IE first...

  • Reporting to the Business targeted (Score:4, Interesting)

    by jlrowe ( 69115 ) on Thursday December 30, 2004 @11:42AM (#11219003)
    I wonder if Netcraft has a method to report to the targetted business (banks, Ebay, etc) so they can follow up on legal action.

  • Confirmed.. (Score:4, Funny)

    by maskedbishounen ( 772174 ) on Thursday December 30, 2004 @11:43AM (#11219007)
    Netcraft confirms it. Only /. readers are ever going to use this.

    *ducks*
    • And probably not even them. I do not use IE. I am perfectly ca[able of discerning a phishing email when I get one. Simply look at where the link is actually directed. If not ebay.com but some rather unofficial looking website, then guess what. I just delete it, or if I have the time, I do a whois on the domain and send a copy to the isp. I am not going to turn that process over to yet another tool bar.

  • For Firefox... (Score:5, Informative)

    by excaliber19 ( 750206 ) on Thursday December 30, 2004 @11:44AM (#11219019)
    Not perfect by any means, but sure helps:

    Firefox SpoofStick Extension [mozilla.org]

  • Heh (Score:4, Insightful)

    by Eric(b0mb)Dennis ( 629047 ) on Thursday December 30, 2004 @11:44AM (#11219026)
    Will this really protect people who succumb to phishing in the first place?

    If you're going to fall for one of the oldest tricks in the book, I don't think this new-fangled anti-phishing toolbar is going to do you any help.

  • Netcraft confirms (Score:5, Funny)

    by AtariAmarok ( 451306 ) on Thursday December 30, 2004 @11:46AM (#11219033)
    It is official; Netcraft confirms: Phishing is dying.

    One more crippling bombshell hit the already beleaguered phishing community when IDC confirmed that successful phishing attempts have dropped yet again, now down to less than a fraction of 1 percent of all phish-mails sent out. Coming on the heels of a recent Netcraft survey which plainly states that phishing has lost more market share, this news serves to reinforce what we've known all along. Phishing is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive scam list.

    You don't need to be a Kreskin to predict phishing's future. The hand writing is on the wall: Phishing faces a bleak future. In fact there won't be any future at all for phishing because phishing is dying. Things are looking very bad for phishing. As many of us are already aware, phishing continues to lose market share. Red ink flows like a river of fish-blood.

    CitiBank phishes are the most endangered of them all, having lost 93% of its core spam-relays. The sudden and unpleasant departures of long time phishmeisters developers Gordon "Bassmaster" Hubble and Frank "Fifth Third" Blackman only serve to underscore the point more clearly. There can no longer be any doubt: Phishing is dying.

    Fact: Phishing is dying

  • Popup Blocker? (Score:3, Informative)

    by hendridm ( 302246 ) * on Thursday December 30, 2004 @11:46AM (#11219047) Homepage
    I installed it at work yesterday because I like Netcraft and I only use the Google toolbar on IE to block popups (although I use Firefox 99% of the time anyway). I noticed it didn't block popups from the sites I visit (ex: cnn.com), even though it has the option to "block unrequested popup windows" in Options. The anti-phishing is great, but it would be nice if the popup blocking worked for those who can't install XP SP2.

    I could care less since I use Firefox. My parents could use it since they have XP SP2. I guess the people who have to decide between blocked popups and blocking phishing sites are those who run 2000 or Windows 9x, although I think Earthlink has a toolbar [earthlink.net] that will block both (not sure how well it works though). Again, no big deal, but I thought it was strange that they didn't include a working popup blocker. Seems like a automatic throw-in for all modern IE toolbars, though anyone still using IE is likely either required to (through shoddy programming or "advanced" IE-only features (what I call "screw you" features, since they're basically saying that to anyone who doesn't run windows, is disabled, or uses a text reader of some sort (braille, cell phone)) or is too novice to understand why IE == death.

    Anything but IE in 2005! Viva la revolución!

    • Re:Popup Blocker? (Score:2, Informative)

      by DeathIsHere ( 779007 )
      This is probably why pop ups are not being blocked:
      This statment is from there privacy policy located at: http://toolbar.netcraft.com/privacypolicy.html

      1 Information Automatically Logged

      We use your IP address to help diagnose problems with our server and to administer our Web site. Your IP address may also used to display regional advertising banners.

      and this is from the license agreement you need to agree too before installing:

      8 Advertising and sponsorship

      Part of the Toolbar may contain advertising

  • I would think FF/ Mozilla users (Score:4, Insightful)

    by Nurseman ( 161297 ) <nurseman@NoSpAM.gmail.com> on Thursday December 30, 2004 @11:48AM (#11219059) Homepage Journal
    are a little more tech savvy, on the whole. They have gone to the trouble to download a safer browser, and probably less likely to get sucked into a phish scam. OTOH, I have seen some pretty good ones, and I did click on a Pay Pal one, before I had second thoughts.

    • Re:I would think FF/ Mozilla users (Score:5, Insightful)

      by Errtu76 ( 776778 ) on Thursday December 30, 2004 @11:54AM (#11219121) Journal
      except for the people who use Mozilla/FireFox because their friend/relative have advised it. Can you think of anyone that wasn't too technical whom you advised they should use an alternative to IE?

      Btw, what's wrong with spoofstick [corestreet.com]?
    • So all of the parents and friends that Firefox fans that have been upgraded to Firefox by those who are afraid of IE and feel it is too insecure are tech savvy?

      If that was the case... wouldn't they have upgraded themselves?

      Yes, there are plenty of smart geeks using Firefox... as well as IE. There are also lots of not so bright people using Firefox... as well as IE (lets not get into #'s). Such a tool is still useful for those not too bright users, no matter what browser they use.
    • I've clicked one one before realzing it was a fake as well.. IIRC, it was something to the tune of www.paypaI.com

      What really bugs me are those ones you get for "major american banks".. nevermind that I'm Canadian.
  • IMHO the right fix is to have a good browser which don't allow phising.
    • The browser is for browsing web pages.
    • It's the wrong way of implementing the band-aid while we wait on 100% guaranteed Phish-proof browsers too. I mean, seriously, does this *need* a whole toolbar (that sounds like it needs to be visible to function), or would a single icon with an optional pop-up dialog when anything phishy (sorry) occurs suffice?

      I mean, what's the idea here? Fill the screen with add-in toolbars so that you can't actually see the webpages? I've got five myself, but at least I know to switch off the ones I'm not using like

    • Blocking HTML mail at the server would be a good start.

  • why not a function in firefox? (Score:4, Interesting)

    by Anonymous Coward on Thursday December 30, 2004 @11:48AM (#11219067)
    either color the URL in RED with a warning mark when it does not match the real address or give a quick pop explaining this.

  • i consider it still under release :o

    but does it really matter? the people who would install it KNOW that they are scams. people like my mother, who would have no idea what the toolbar even means, would not

  • Spoofstick (Score:5, Informative)

    by BobMD ( 669338 ) on Thursday December 30, 2004 @11:50AM (#11219082)
    Already available from Corestreet for Firefox and IE http://www.corestreet.com/spoofstick/ [corestreet.com]

  • Wait 48 hours (Score:3, Insightful)

    by SilverspurG ( 844751 ) on Thursday December 30, 2004 @11:51AM (#11219096) Homepage Journal
    And someone with a malicious website will have figured out how to use this anti-phishing toolbar as a vector for remote code execution.

  • I already got an email about this one! (Score:5, Funny)

    by AtariAmarok ( 451306 ) on Thursday December 30, 2004 @11:55AM (#11219131)
    I already got an email about this one!

    From: admin@netcrapht.com
    To: slashdottroll@hawtmail.com
    Date: 2004/12/28

    Re: We've announcted a new anti-Phishing control bar for your browser! To take advantage of this amazing free offer, just login here and register using your name and Bank One check number! Don't delay. You will also be eligible for a free u-n-i-v-e-r-s-i-t-y diploma!

  • MSN, Google, hi5.com, Netcraft, Yahoo, AOL's....

    So guys, when will the Slashdot Toolbar come out? :)
    • excellent. should include buttons for a) read article, then post message b) read other comments, then post message c) read nothing then post message d) auto generate humourous in russia/overlord/insensitive clod/1st post! posts of course button c would be the default
    • With all my toolbars, it's making it hard to read your posts. Could you please ensure everything fits onto one (or maybe two) lines at most please?
    • Actually you might not have a bad idea.

      How about have a toolbar that's tied to one site? So if you frequently search for movies, have an imdb.com toolbar(quickly look up movies you find playing on TV).

      have a ???.com for searching bands. That'd be nice when I want to know a little bit more about a band I hear on a shoutcast stream.

      Now the problem is finding any room on one's desktop with all these other bleepin' toolbars installed.
    • Imagine...

      Not only shows the lasts headlines, but it also updates in realtime so you can have fp. It shows your karma, score of your posts and replies; that's if you want to give your info, you can also browse as AC with the tin foil hat mode.

      If you are out of ideas for lame jokes like "in soviet russia" or "imagine a beowolf cluster", the random cliche generator will make on for you.

      It has many color themes: regular, Apple, Games, Politics. It also has the IT color theme, but it's disabled by default

  • spyware (Score:2, Insightful)

    by paulius_g ( 808556 )
    Spyware???

    I hope not.

  • Netscraft confirms... (Score:5, Insightful)

    by Stevyn ( 691306 ) on Thursday December 30, 2004 @12:00PM (#11219182)
    ...that this is an old, outdated, and unfunny joke.
  • What's the site running.

    I mean, come on. That's obligatory for a toolbar from Netcraft.

  • When can I get a Safari one?

  • ah more toolbar hell... (Score:5, Informative)

    by Anonymous Coward on Thursday December 30, 2004 @12:18PM (#11219343)
    As if there wasn't enough screen space taken up already.

    Switch to Firefox and enable the non-spoofing features and you don't need a toolbar (don't allow URL to be hidden, etc.)

    In firefox, type in about:config
    then set these to TRUE and never be "fooled" again:

    recommended:
    disable_window_open_feature.locati on
    disable_window_open_feature.status
    disable_wi ndow_open_feature.titlebar
    disable_window_status_ change

    optional:
    disable_window_move_resize
    disable_w indow_open_feature.close
    disable_window_open_feat ure.directories
    disable_window_open_feature.menub ar
    disable_window_open_feature.minimizable
    disab le_window_open_feature.personalbar
    disable_window _open_feature.resizable
    disable_window_open_featu re.scrollbars
    disable_window_open_feature.toolbar

  • Won't work. (Score:3, Informative)

    by tomstdenis ( 446163 ) <tomstdenis@gma[ ]com ['il.' in gap]> on Thursday December 30, 2004 @12:20PM (#11219359) Homepage
    Reason: Tools and overt actions are not solutions for stupid people.

    Evidence: Warning labels on coffee.

    Tom

  • Not Gonna Help (Score:2, Insightful)

    by photonrider ( 571060 )

    This toolbar isn't going to help. The user still has to know how to evaluate the information the toolbar is presenting. The information on it at Netcraft is going to require explaining to 99% of the users. It adds conplexity for users that already can't handle complexity. If it was a simple green light or red light then it might be useful for the masses, as is, it's more noise users can't handle.

    Two simple things users should do that have already been published in nearly every article on scams;

    1. Use a

  • I know there are more complicated phishing scams using IE holes and the like to make the address of the site show in the address bar, but all the phishing emails I seem to get send you to either a different domain name or an unresolved IP address. It doesn't take much to move your mouse over the address, see that it goes to 123.456.789.101 and not www.ebay.com to figure out it's a spoof.

    Or you could just realize that ebay, paypal, and your bank will not send you emails asking for personal info, and never

  • Non-slashdot users and family tech support (Score:4, Funny)

    by Jtheletter ( 686279 ) on Thursday December 30, 2004 @12:28PM (#11219442)
    A lot of people seem to think this tool will be useless or unused by the unwashed masses, which holds a certain amount of truth. One argument being if you're dumb enough to fall for a phishing scam, you're probably not aware enough to know to protect yourself in the first place, or if you've already got firefox installed you're already savvy enough to not fall for them.

    Speaking as my family tech support geek (which I think most of us on /. can relate to) I think this tool will be highly useful for people who know nothing about phishing scams as yet another barrier *I* will install for them.

    While a year wouldn't be enough time to educate all my relatives and friends on the various and ever-changing intricacies of PC web security, it's very useful to be able to install an app and tell them 'Look, if this thing pops up a big red warning, do what it says so you don't get a virus!' I've switched over everyone in my family to Firefox, all they care about is that it works pretty much the same for their needs as IE did. The google toolbar to block popups, zone alaram to catch other nasties, autorunning spybot and a coolwebsearch sweeper - these are all programs that make their web use look savvy but they ultimately have very little knowledge about. Now that my mom has started using the internet to buy things, no doubt she'll eventually get a phishing scam at some point relating to eBay or Amazon, with this toolbar hopefully now I can just set it and forget it and not worry as much that she's going to give all her bank info to some fake eBay site.

  • Its EULA (Score:3, Funny)

    by Rick Zeman ( 15628 ) on Thursday December 30, 2004 @12:40PM (#11219559)
    Toolbar User Terms

    Please read carefully

    These User Terms govern your relationship with Netcraft Ltd ("Netcraft, we, our or us") and your use of the Netcraft Toolbar (the "Toolbar"). These User Terms affect your rights and liabilities under the law. If you do not agree to these User Terms, please do not download or use the Toolbar.

    THESE USER TERMS DO NOT AFFECT YOUR STATUTORY RIGHTS

    1 Use of the Toolbar

    The Toolbar is provided to you for your personal use subject to these User Terms. By using the Toolbar you agree to be bound by these User Terms.

    The functionality of the Toolbar is provided by means of a user interface implemented as a toolbar on your computer and a central server managed by us.

    2 Amendments

    We may update these User Terms from time to time and any changes will be notified to you via a suitable announcement via the Toolbar. The changes will apply to the use of the Toolbar after we have given notice. If you do not wish to accept the new User Terms you should not continue to use the Toolbar. If you continue to use the Toolbar after the date on which the change comes into effect, your use of the Toolbar indicates your agreement to be bound by the new User Terms.

    3 Licence

    The Toolbar is protected by copyright, trade marks, database and other intellectual property rights. Subject to your acceptance of these User Terms, we grant you a non-exclusive, non-transferable and non-assignable licence to download, install and use the Toolbar for your own personal, non-commercial enjoyment either at home or work. You must obtain our permission in writing beforehand if you want to carry out any commercial activity which involves using the Toolbar or any software or information associated with, or derived from, it. If you would like to do this, contact us at toolbar@netcraft.com

    You may not otherwise reproduce, modify, copy, distribute, reverse engineer or use for commercial purposes any of the software or content in the Toolbar without written permission from us. No additional licence is granted to you to use any trade mark of Netcraft or its affiliated companies including, without limitation, the trade mark "Netcraft".

    4 Availability

    Your access to the Toolbar may be occasionally interrupted or restricted to allow for repairs, maintenance or the introduction of new facilities or services. We will attempt to restore the service as soon as we reasonably can.

    5 Excluded services

    The provision of the Toolbar does not include the provision of computer or other necessary equipment or compatible software to download, install and use the Toolbar. To use the Toolbar you will require Internet connectivity and appropriate telecommunication links. We will not be liable for any telephone or other costs that you may incur.

    6 Liability

    Although we aim to offer you the best possible service, the functionality of the Toolbar relies on information collected from a number of sources and while we try to ensure that the Toolbar facilitates a safe use of the Internet, we cannot accept responsibility if this is not the case. We cannot guarantee that the Toolbar will be fault free and you must bear the risks associated with the use of the Internet.

    We will not be responsible for any technical problems you may experience with the Toolbar. If we are informed of any inaccuracies in the functionality of the Toolbar we will attempt to correct the inaccuracies as soon as we reasonably can. We make no promise that the Toolbar will meet your requirements. In particular, we disclaim all liabilities in connection with the following:

    incompatibility of the Toolbar with any of your equipment, software or telecommunications links

    technical problems including errors or interruptions of the Toolbar

    unsuitability, unreliability or inaccuracy of the Toolbar

    inadequacy of the Toolbar to meet your requirements

    We welcome comments or suggestions on h
  • Currently the toolbar is only available for IE but a Firefox version is under development.

    I'm just curious, are "Mozilla" and "Firefox" effectively synonymous now? Or do people sometimes mean Firefox but not Mozilla?

  • This is sure driving NetCraft's Ad Revenue... (Score:5, Informative)

    by Christopher_G_Lewis ( 260977 ) on Thursday December 30, 2004 @01:04PM (#11219790) Homepage
    OK, I'm a WinXP user, SP2, pop-ups turned completely off, run SpyBot, AdAware and look at my BHO's at least once a week because I don't trust computer programs, even though/because I write them for a living...

    Installed it, read the instructions and FAQ (I know, I'm not supposed to do that :-), and have a couple of first impressions. I'm going to apply the "Mother Test" to the tool bar to evaluate it's usefullnes.

    The tool bar installs with initally two items, Netcraft, and Services. Services is simply a drop down with links to all of Netcrafts services, trying to drum up business. I initally thought that services would hot link to some of the Netcraft tools like uptime and what is that site running, but no, just links to the main pages for them. There are 7 main items under serives, and 19 sub-items. Offerings
    are impressive, but I don't think my mother would care at all about Hosting Providers or Web site auditing.

    I can't evaluate the pop-up blocker since I have pop-ups completely turned off via XP SP2. I also run the Google toolbar, so pop-ups haven't bothered me in quite some time (except those occational ones that sneak through when you hold down the ctrl key to click a pop-up link. Who ever thought of using the same key to allow all pop-ups and allow one pop-up should be shot.)

    As for the phishing, looks like it will work fine. The toolbar will have to pull down a new definitions file every couple of hours (2 by default), but that should be fine. Reporting a site is relatively easy. This is a thumbs up for the Mother Test

    The Stats that it displays are pretty worthless. Pretty flags, but other than that, who cares. Rank is meaningless unless they get rid of their own sites. Pretty obvious that the most visited site is http://toolbar.netcraft.com [netcraft.com].

    The thing that most disturbs me are the stats that are gathered: http://toolbar.netcraft.com/stats/topsites [netcraft.com]
    *Without*any*privacy*statement*, I have no idea what they are doing with my browsing information. This certainly scares me enough to uninstall this sucker. I understand that privacy is going away, I just like to fight it tooth and nail. (Except google, their cool. Until their IPO. oh wait... :-)

    Oh yea. Regarding my subject: look at line 12 of the stats [netcraft.com]:
    Rank Site First Seen Netblock Site Report Country
    12 http://banners.netcraft.com June 2003 Netcraft Go UK

  • Don't bother downloading it (Score:3, Interesting)

    by litewoheat ( 179018 ) * on Thursday December 30, 2004 @01:09PM (#11219828)
    It doesn't play well with the Google toolbar. Hell it doesn't play well with any toolbars. After I installed it, all my (standard) toolbars were moved around or resized to 0 width. Its very frustrating when companies release crap software like this. Don't these people know about QA?
  • what we really need to worry about is all the telephone, power, internet, etc. companies serving up all your credit information to huge call centers filled with incompetent people over internet explorer. as my trainer says, "you'll have to open another E to get to that program." "that program" is the one we use to view and change account information.

    it is scary, yes?
    it is savvy, no.
  • A few more toolbars on the screen and I won't be able to see much more than a 1" strip of any suspect site anyway, let alone enter any information - cool! Secure!
  • I got so excited about this, until the last line about it only being available for IE. They better get cracking on the FireFox extension, as it would really boost FireFox as well.

    Personally, I am just glad that they decided to do this out of the goodness of their hearts, and it's a great day for anti phishing folks out there.

Slashdot Top Deals

Lots of folks confuse bad management with destiny. -- Frank Hubbard

Close