Firefox 2 Anti-Phishing is a joke?



I came across and got to know a phishing website:

http://www.geocities.com/playboy_model_wit_big_boobs/

Firefox 2 completely fails to detect that it is a phishing site, while IE7 reports it as "Suspicious Web site".

I think Firefox 2 anti-phishing is just simply a joke. They have no idea what they have built :no:

Test yourself!

WARNING: DO NOT ENTER YOUR USERNAME AND PASSWORD

UPDATE:

NO NEED TO TEST ANYMORE, because some Firefox supporters have reported this website to Firefox. That way FF2 now displays a Suspicious Website message.

The point is that a true anti-phishing tool needs to have the ability to check the website and identify potential risk, not just check against a centralized database like Firefox 2.

The FF2 development team needs to learn from IE and improve their anti-phishing function.

That is the bottom line.

Edited by superhuman
Link to comment

It doesn't warn with either technology selected. I wonder if it doesn't work because the login page is actually a correct page. The submit button is the one that redirects the username/password.

Link to comment

No, the Firefox phishing filter is flawed, it's true.

Link to comment

If you check the source, this guy uses a hidden textbox to store your username & password, then sends an email to him.

OK, here is the story. They advertised FF2 anti-phishing a lot. So I decided to try it out.

It is completely useless.

Link to comment

It never hurts to educate yourself.

#2 at http://en-us.www.mozilla.com/en-US/firefox...ing-protection/

It says it works by checking the url against a list of KNOWN phishing sites. "Known" is obviously the key word here. Also most phishing sites try to disguise their url by using subdomains etc. with enough garbage that it makes you think you're at a legit URL. One look at that URL and even the most computer illiterate person should be able to tell that's not legit.

Fact of the matter is, if it's not in Mozilla's list of known phishing sites, it's obviously not gonna get caught. If you want to submit a site, go to Help > Report Web Forgery.

Edited by flyakite
Link to comment

No, you're WRONG

The point is that even IE7 did not have that URL reported. It still can detect "Suspicious Website." And that is anti-phishing. Not just checking the URL against a centralized database like Firefox does.

The way FF2 implements this technology is completely useless in case of a new threat.

Link to comment

Firefox 2 did not work here either. :no:

Just having a look at the code for that site.

It appears all the logins get sent to his gmail address. :angry:

Link to comment

Besides the fact that we are all aware of the fact that it is a phishing site, the new Yahoo login page (for mail, or geocities, or any page which has a yahoo login feature) has protection built in.

You upload an image to Yahoo, and they create a cookie which shows that image next to the login form. If the image is there, you know you can trust the login form to be an official Yahoo one. If no picture is there, then you know it's a fake... mind, I note the picture is a per-computer setting.

Link to comment

Test more here http://www.dslreports.com/phishtrack?pid=5122&urls=1

Seems to work just fine. Only a matter of detection rate like with AV - can change. If the offline database or online Google one does not screw up Firefox be happy.

None of them picked up 5123, in a few minutes they probably will. Need lots more stats over a longer period to claim either one is perfect or useless.

Link to comment

I have no idea what y'all are talking about. I went to the site and got a big honkin' warning it was fake. :rolleyes:

Link to comment

The filter works for me. BTW, the email address it goes to:

NAME="Mail_To" VALUE="owning.lamers@gmail.com">

Someone should report this to gmail as well.

I went ahead and did that. Feel free to, as well, here:

https://services.google.com/inquiry/gmail_security4

I just put in N/A for all the e-mail parts, and then explained the url in the 'additional comments' section.

Link to comment

This topic is now closed to further replies.
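The thread's central contrast, a known-URL list versus inspecting the page itself, can be shown side by side. This is an added example, not part of any post and not Firefox's or IE7's actual algorithm; the hosts, the blocklist and the sample page are constructed, with only the `Mail_To` field name taken from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BAD_HOSTS = {"reported-phish.example"}  # constructed blocklist

# Constructed page modelled on the thread's description: a login form with a
# hidden Mail_To field that hands the credentials to a form mailer.
SAMPLE_PAGE = """
<form method="post" action="http://mailer.example/cgi-bin/formmail">
  <input type="hidden" NAME="Mail_To" VALUE="collector@example.com">
  <input type="text" name="login">
  <input type="password" name="passwd">
</form>
"""

class FormScanner(HTMLParser):
    """Collects, per <form>, its action, password inputs and hidden e-mail fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # the parser lowercases names
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "password": False, "mail": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            kind = a.get("type", "text").lower()
            if kind == "password":
                self._cur["password"] = True
            elif kind == "hidden" and "@" in a.get("value", ""):
                self._cur["mail"].append(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def blocklist_verdict(page_url):
    """List-only check: True only if the host was already reported."""
    return urlparse(page_url).hostname in KNOWN_BAD_HOSTS

def heuristic_findings(page_url, html):
    """Content check: inspect where credential forms send their data."""
    host, scanner, findings = urlparse(page_url).hostname, FormScanner(), []
    scanner.feed(html)
    for form in scanner.forms:
        if not form["password"]:
            continue
        target = urlparse(form["action"]).hostname
        if target and target != host:
            findings.append(f"password form posts off-site to {target}")
        if form["mail"]:
            findings.append("hidden e-mail field: " + ", ".join(form["mail"]))
    return findings
```

The list check stays silent on an unreported host while the content check flags the form. Signals like these are indicators to score, not proof, since legitimate sites also post logins to another host.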