An upcoming version of Firefox will include protection against phishing scams, using technology that might come from Google.
The phishing shield is a key new security feature planned for Firefox 2, slated for release in the third quarter of this year, Mozilla's Mike Shaver said in an interview Tuesday.
"Everybody understands that phishing is a significant problem on the Web," said Shaver, a technology strategist at the company, which oversees Firefox development. "We are putting antiphishing into Firefox, and Google is working with us on that."
News.context
What's new:
Mozilla plans to put protection against phishing scams in the next update to Firefox, set for release later this year. Google is working with Mozilla on the technology.
Bottom line: With the continued rise in online attacks, security tools have become something browser makers can use to try to stand out.
With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year.
"It is another example of the energy that has returned to the browser marker," Shaver said.
Phishing is a prevalent type of online scam that attempts to steal sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. A record 7,197 phishing Web sites were spotted in December, according to Anti-Phishing Working Group.
While Firefox 2 will get a phishing shield, no decision has been made on how it will be incorporated in Firefox, Shaver said. "Google, like others who contribute to the project, has contributed code and expertise for us to experiment with," he said. "We haven't committed to a given approach, a given technology or a given partner."
Google has close ties to Firefox. A year ago, the Mountain View, Calif.-based search engine giant hired Ben Goodger, a lead engineer on the open-source Web browser. Firefox is also part of the Google Pack, a bundle of Google's own and third-party applications.
"We are committed to improving our users' online experience and are happy to be working with the Mozilla Foundation to help protect Firefox users from phishing attacks," a Google representative said in an e-mailed statement on Thursday.
The various phishing shields use a variety of techniques to protect against the online scams. These include blacklists of known fraudulent Web sites, white lists of good sites and analyses of Web addresses and Web pages. Firefox 2 might be different, since the developers aren't married to those approaches, Shaver said.
"I don't think anybody has found a perfect solution," he said. "We would not look to do something different just for the sake of being different, but we don't want to be constrained by recent history either."
Regardless of what technology ends up in Firefox 2, people who want to use a different antiphishing product will be able to do so, Shaver said.
Adding antiphishing technology to Web browsers helps with online security, but is not a panacea, said Amir Orad, vice president of marketing at RSA Security's Cyota group. "We think it is very important. It doesn't solve the problem, but it is a step in the right way," he said.
Cyota, an antiphishing specialist, provides lists of known fraudulent Web sites to Microsoft for IE 7 and to Netscape, as well as others. "It is an arms race, another tool in the arsenal," Orad said. RSA Security acquired Cyota last year.
An early, alpha release of Firefox 2 is expected later this month, but it likely won't include the antiphishing features. "We don't want to rush it to get it into that alpha," Shaver said. "But things can move pretty fast in our world and if we come up with something that we like the looks of we might put something in experimentally."
Other planned security features in Firefox 2 are support for a stronger type of digital certificate, a so-called high-assurance certificate. At the same time, the new browser likely will drop support for less secure certificates, Shaver said.
U are right: BigMedia owning the "eye ball" of the planet!
No, it is not just you. Google does own Firefox now, for all practical purposes. After all Firefox is funded by Aol-Timewarner-CNN and Aol has Billions of dollars in Googloool stock as well as Googloool having invested a few Billions of dollars in Aol-Timewarner-CNN.
It is called Big-Media owning the "eye ball" of the planet!
Than outsource the capture part to the Israelies. Israelies don't care which country/jurisdiction the phishing scum is in. Scum will be captured, just like the Nazi scums were.
With enough hanged, others will find a safer means of scamming for money.
As an Israeli, I have no idea what you're talking about. It's all ********.
Regards,
Avner
This message is confidential and meant only for its intended recipient. It must not be copied or disclosed without The Mossad's consent. This message is an informal communication and should not be relied upon without written confirmation. The individual sender (not The Mossad) is responsible for the content of this message. If this message is received in error, please advise The Mossad.
I love Firefox...I've been using it for years but I fear that as time marches forward they are going more and more to the feature bloat that is IE/Netscape.
Firefox is/was supposed to be a smaller footprint product with users that tended to be a little bit more sophisticated than average when it came to 'how does my computer work'. I would imagine that these users rarely became victims of phishing. Now that FF is more mainstream they have to add bloat to keep the 'casual' users that NEEDS protection. They seem to be going in the direction of building it in and forcing users to have it instead of using the extension route.
As stated in the article Firefox already works with Google's antiphishing tech BUT I am currently not FORCED to have it as part of my browser.
I hope Firefox remembers that the beauty/sucess of their product is the small footprint and customization and NOT being someother companies pimp.
I forsee another split in the Mozilla world where you get the current corporate Mozilla rebranding as a GoogleFox browser and the old school continuing on with an independant product that we had until recently.
I'm already using IE7 with Phishing protection. Firefox is just copying a great innovator.
Well, swap the names around & that's what people have been saying about M$ & everyone else - that M$ was just copying. Makes a change to see it the other way round.
P.S. IE7 still lags behind the rest. I only use it on those sites that Opera doesn't work. But as a user, that's actually pretty great recommendation - use IE. It works on those sites that don't take Amer.....whoops, slipped into a certain credit card commercial for a moment.
Like hacking, virus & worm making, and spam selling, I would like to see some serious controls put on all of them. Phishing is especially harmful due to the economic effect that it has on everyone through ID theft, bank account draining, and good name/credit destruction. A program needs to be developed to stop it entirely and prosecutors need to put those people who phish into prison (hard labor) for 20 years. The damage they do is consierable.
Extensive efforts to block phishing at the destination of the attack (your PC) will never be a substitute for blocking it at the source, just as it isn't for Spam. The Internet Community (e.g., IETF) need to come up with effective ways to block it all at the source.
In the meantime, has anyone done anything to counterattack the phishers by flooding their sites with bogus information (credit card numbers, passwords, etc)? If they get millions of bogus sets of data, it should make it pretty hard for them to use the couple sets of valid data they get from those who don't recognize this as an attack.
As UC Berkeley students, the co-founders of "Back to the Roots" discovered they could grow mushrooms using recycled coffee grounds. Now their mushroom kit sells at grocery stores across the country.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
For people who don't have time to tend a Zen garden, the Zen Table will handle the work for you. The table is filled with silicone beads and a robotic system that "rakes" images into the sand.
The Washington State Senate passed a bill that would charge electric car owners $100 per year to compensate for not paying gas taxes. The bill still has to pass the House.
With the continued rise in online attacks, security tools have become something browser makers can use to try to stand out.
Google does own Firefox now, for all practical purposes.
After all Firefox is funded by Aol-Timewarner-CNN and Aol has Billions of dollars in Googloool stock as well as Googloool having invested a few Billions of dollars in Aol-Timewarner-CNN.
It is called Big-Media owning the "eye ball" of the planet!
With enough hanged, others will find a safer means of scamming for money.
Talking about "you b. stupid"...
Regards,
Avner
This message is confidential and meant only for its intended recipient. It must not be copied or disclosed without The Mossad's consent. This message is an informal communication and should not be relied upon without written confirmation. The individual sender (not The Mossad) is responsible for the content of this message. If this message is received in error, please advise The Mossad.
Firefox is/was supposed to be a smaller footprint product with users that tended to be a little bit more sophisticated than average when it came to 'how does my computer work'. I would imagine that these users rarely became victims of phishing. Now that FF is more mainstream they have to add bloat to keep the 'casual' users that NEEDS protection. They seem to be going in the direction of building it in and forcing users to have it instead of using the extension route.
As stated in the article Firefox already works with Google's antiphishing tech BUT I am currently not FORCED to have it as part of my browser.
I hope Firefox remembers that the beauty/sucess of their product is the small footprint and customization and NOT being someother companies pimp.
I forsee another split in the Mozilla world where you get the current corporate Mozilla rebranding as a GoogleFox browser and the old school continuing on with an independant product that we had until recently.
So do you work for Google? Are you Google share holder or let me guess webmaster making money off Google AdSense (aka click-fraud :)
Well, swap the names around & that's what people have been saying about M$ & everyone else - that M$ was just copying. Makes a change to see it the other way round.
P.S. IE7 still lags behind the rest. I only use it on those sites that Opera doesn't work. But as a user, that's actually pretty great recommendation - use IE. It works on those sites that don't take Amer.....whoops, slipped into a certain credit card commercial for a moment.
In the meantime, has anyone done anything to counterattack the phishers by flooding their sites with bogus information (credit card numbers, passwords, etc)? If they get millions of bogus sets of data, it should make it pretty hard for them to use the couple sets of valid data they get from those who don't recognize this as an attack.