Get three services for $100/mo
March 8, 2006 2:21 PM PST
Firefox to get phishing shield
Last modified: March 9, 2006 12:46 PM PST
- Related Stories
-
Kits help phishing sites proliferate
February 27, 2006 -
Gates: End to passwords in sight
February 14, 2006 -
Google entering video-on-demand business
January 6, 2006 -
Browsers to get sturdier padlocks
December 12, 2005 -
Microsoft enlists new buddies for antiphishing trip
November 17, 2005 -
Microsoft outlines IE 7 security plans
October 27, 2005 -
Toolbar, search site aim to guard against phishers
September 25, 2005 -
Google to release Firefox toolbar
July 7, 2005 -
Antiphishing toolbar for Firefox released
May 25, 2005 -
Netscape update takes aim at phishing
May 19, 2005 -
Opera 8 aims for simpler browsing
April 19, 2005 -
Netcraft goes fishing for phishers
December 30, 2004
The phishing shield is a key new security feature planned for Firefox 2, slated for release in the third quarter of this year, Mozilla's Mike Shaver said in an interview Tuesday.
"Everybody understands that phishing is a significant problem on the Web," said Shaver, a technology strategist at the company, which oversees Firefox development. "We are putting antiphishing into Firefox, and Google is working with us on that."
What's new:
Mozilla plans to put protection against phishing scams in the next update to Firefox, set for release later this year. Google is working with Mozilla on the technology.
Bottom line:
With the continued rise in online attacks, security tools have become something browser makers can use to try to stand out.
With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year.
"It is another example of the energy that has returned to the browser marker," Shaver said.
Phishing is a prevalent type of online scam that attempts to steal sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. A record 7,197 phishing Web sites were spotted in December, according to Anti-Phishing Working Group.
While Firefox 2 will get a phishing shield, no decision has been made on how it will be incorporated in Firefox, Shaver said. "Google, like others who contribute to the project, has contributed code and expertise for us to experiment with," he said. "We haven't committed to a given approach, a given technology or a given partner."
Google has close ties to Firefox. A year ago, the Mountain View, Calif.-based search engine giant hired Ben Goodger, a lead engineer on the open-source Web browser. Firefox is also part of the Google Pack, a bundle of Google's own and third-party applications.
"We are committed to improving our users' online experience and are happy to be working with the Mozilla Foundation to help protect Firefox users from phishing attacks," a Google representative said in an e-mailed statement on Thursday.
Fighting fraudsters
Although IE and Firefox, the two most-used Web browsers, don't include antiphishing features yet, there are browser add-ons that guard against such scams. These include the Google Safe Browsing plug-in for Firefox and Microsoft's MSN Toolbar for IE. Other providers include Netcraft and SiteAdvisor.
The various phishing shields use a variety of techniques to protect against the online scams. These include blacklists of known fraudulent Web sites, white lists of good sites and analyses of Web addresses and Web pages. Firefox 2 might be different, since the developers aren't married to those approaches, Shaver said.
"I don't think anybody has found a perfect solution," he said. "We would not look to do something different just for the sake of being different, but we don't want to be constrained by recent history either."
Regardless of what technology ends up in Firefox 2, people who want to use a different antiphishing product will be able to do so, Shaver said.
Adding antiphishing technology to Web browsers helps with online security, but is not a panacea, said Amir Orad, vice president of marketing at RSA Security's Cyota group. "We think it is very important. It doesn't solve the problem, but it is a step in the right way," he said.
Cyota, an antiphishing specialist, provides lists of known fraudulent Web sites to Microsoft for IE 7 and to Netscape, as well as others. "It is an arms race, another tool in the arsenal," Orad said. RSA Security acquired Cyota last year.
An early, alpha release of Firefox 2 is expected later this month, but it likely won't include the antiphishing features. "We don't want to rush it to get it into that alpha," Shaver said. "But things can move pretty fast in our world and if we come up with something that we like the looks of we might put something in experimentally."
Other planned security features in Firefox 2 are support for a stronger type of digital certificate, a so-called high-assurance certificate. At the same time, the new browser likely will drop support for less secure certificates, Shaver said.
See more CNET content tagged:
phishing,
Firefox 2.0,
Firefox,
online scam,
Mozilla Corp.
With enough hanged, others will find a safer means of scamming for money.
Firefox is/was supposed to be a smaller footprint product with users that tended to be a little bit more sophisticated than average when it came to 'how does my computer work'. I would imagine that these users rarely became victims of phishing. Now that FF is more mainstream they have to add bloat to keep the 'casual' users that NEEDS protection. They seem to be going in the direction of building it in and forcing users to have it instead of using the extension route.
As stated in the article Firefox already works with Google's antiphishing tech BUT I am currently not FORCED to have it as part of my browser.
I hope Firefox remembers that the beauty/sucess of their product is the small footprint and customization and NOT being someother companies pimp.
I forsee another split in the Mozilla world where you get the current corporate Mozilla rebranding as a GoogleFox browser and the old school continuing on with an independant product that we had until recently.
In the meantime, has anyone done anything to counterattack the phishers by flooding their sites with bogus information (credit card numbers, passwords, etc)? If they get millions of bogus sets of data, it should make it pretty hard for them to use the couple sets of valid data they get from those who don't recognize this as an attack.