Firefox to get phishing shield

navjotjsingh · Mar 9, 2006

An upcoming version of Firefox will include protection against phishing scams, using technology that might come from Google.

The phishing shield is a key new security feature planned for Firefox 2, slated for release in the third quarter of this year, Mozilla's Mike Shaver said in an interview Tuesday.

"Everybody understands that phishing is a significant problem on the Web," said Shaver, a technology strategist at the company, which oversees Firefox development. "We are putting antiphishing into Firefox, and Google is working with us on that."

With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year.

"It is another example of the energy that has returned to the browser marker," Shaver said.

Phishing is a prevalent type of online scam that attempts to steal sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. A record 7,197 phishing Web sites were spotted in December, according to Anti-Phishing Working Group.

While Firefox 2 will get a phishing shield, no decision has been made on how it will be incorporated in Firefox, Shaver said. "Google, like others who contribute to the project, has contributed code and expertise for us to experiment with," he said. "We haven't committed to a given approach, a given technology or a given partner."

Google has close ties to Firefox. A year ago, the Mountain View, Calif.-based search engine giant hired Ben Goodger, a lead engineer on the open-source Web browser. Firefox is also part of the Google Pack, a bundle of Google's own and third-party applications. The search company could not be immediately reached for comment.

Fighting fraudsters
Although IE and Firefox, the two most-used Web browsers, don't include antiphishing features yet, there are browser add-ons that guard against such scams. These include the Google Safe Browsing plug-in for Firefox and Microsoft's MSN Toolbar for IE. Other providers include Netcraft and SiteAdvisor.

The various phishing shields use a variety of techniques to protect against the online scams. These include blacklists of known fraudulent Web sites, white lists of good sites and analyses of Web addresses and Web pages. Firefox 2 might be different, since the developers aren't married to those approaches, Shaver said.

"I don't think anybody has found a perfect solution," he said. "We would not look to do something different just for the sake of being different, but we don't want to be constrained by recent history either."

Regardless of what technology ends up in Firefox 2, people who want to use a different antiphishing product will be able to do so, Shaver said.

Adding antiphishing technology to Web browsers helps with online security, but is not a panacea, said Amir Orad, vice president of marketing at RSA Security's Cyota group. "We think it is very important. It doesn't solve the problem, but it is a step in the right way," he said.

Cyota, an antiphishing specialist, provides lists of known fraudulent Web sites to Microsoft for IE 7 and to Netscape, as well as others. "It is an arms race, another tool in the arsenal," Orad said. RSA Security acquired Cyota last year.

An early, alpha release of Firefox 2 is expected later this month, but it likely won't include the antiphishing features. "We don't want to rush it to get it into that alpha," Shaver said. "But things can move pretty fast in our world and if we come up with something that we like the looks of we might put something in experimentally."

Other planned security features in Firefox 2 are support for a stronger type of digital certificate, a so-called high-assurance certificate. At the same time, the new browser likely will drop support for less secure certificates, Shaver said.
Click to expand...

Source: http://news.com.com/Firefox+to+get+phishing+shield/2100-1029_3-6047610.html?tag=nefd.lede

indranilmaulik · Mar 10, 2006

navjotjsingh said:

Fighting fraudsters
Although IE and Firefox, the two most-used Web browsers, don't include antiphishing features yet, there are browser add-ons that guard against such scams. These include the Google Safe Browsing plug-in for Firefox and Microsoft's MSN Toolbar for IE. Other providers include Netcraft and SiteAdvisor.
Click to expand...

Source: http://news.com.com/Firefox+to+get+phishing+shield/2100-1029_3-6047610.html?tag=nefd.lede
Click to expand...

IE 6 SP2 and IE 7 already have antiphishing features built-in

navjotjsingh · Mar 10, 2006

When did IE 6 SP2 got anti-phisihing features? Would you explain that please?

indranilmaulik · Mar 10, 2006

sorry dude, it was installed in my pc via msn toolbar, didn't notice it earlier

digen · Mar 10, 2006

Maybe the below link tells us things to expect from Google & Firefox as a combination product.

http://www.google.com/tools/firefox/safebrowsing/

I've had a shot at one phishing website identifying itself as Ebay with the extension installed & it detected it as fake alright.

mach · Mar 10, 2006

thats more good news !!! :d

sidewinder · Mar 18, 2006

thats gr8! I will love fox more

QwertyManiac · Mar 20, 2006

Cool, on the lines of IE 7, good. MS has one less unique thing now and we have one more thing to rejoice.. so i guess double good things for us.

gary4gar · Mar 21, 2006

cool !

iinfi · Mar 21, 2006

google jus keeps coming up with products and even regular gmail and google.com users also dont know abt it.
google jus brings out everything as BETA without good testing at their end and they wash their hands out of any harm done to the end users PC by using their products.
google web accelerator was the biggest flop initially as ur mails wud get deleted from your web mail's server eventhough u did not delete it.
there are many people who blindly believe google products and become the victim of some poor product testing.

iinfi · Mar 22, 2006

sry for the double post!!
now this is a note from google's website
http://www.google.com/tools/firefox/safebrowsing/install.html
Google Safe Browsing for Firefox BETA
privacy note

â€¢ When you click to accept, reject, or close the warning message that Safe Browsing gives you about a suspicious page, Google will log this feedback and the URL of the page.
â€¢ If you choose to enable Enhanced Protection, Safe Browsing will send page information, including the URLs of pages you visit, to Google for evaluation.
â€¢ Google will not associate the information that Safe Browsing logs with other personal information about you. However, it is possible that a URL or other page information sent to Google may itself contain personal information.
â€¢ Google Safe Browsing for Firefox contacts Google's servers periodically for updates.
Click to expand...

what does the content in red mean????

Log in or Sign up

Firefox to get phishing shield

navjotjsingh Active Member

indranilmaulik New Member

navjotjsingh Active Member

indranilmaulik New Member

digen New Member

mach New Member

sidewinder New Member

QwertyManiac Commander in Chief

gary4gar GaurishSharma.com

iinfi mekalodu

iinfi mekalodu

Share This Page

Log in or Sign up

Firefox to get phishing shield

navjotjsingh Active Member

indranilmaulik New Member

navjotjsingh Active Member

indranilmaulik New Member

digen New Member

mach New Member

sidewinder New Member

QwertyManiac Commander in Chief

gary4gar GaurishSharma.com

iinfi mekalodu

iinfi mekalodu

Share This Page

Useful Searches