March 8, 2006 2:21 PM PST

Firefox to get phishing shield

An upcoming version of Firefox will include protection against phishing scams, using technology that might come from Google.

The phishing shield is a key new security feature planned for Firefox 2, slated for release in the third quarter of this year, Mozilla's Mike Shaver said in an interview Tuesday.

"Everybody understands that phishing is a significant problem on the Web," said Shaver, a technology strategist at the company, which oversees Firefox development. "We are putting antiphishing into Firefox, and Google is working with us on that."

News.context

What's new:
Mozilla plans to put protection against phishing scams in the next update to Firefox, set for release later this year. Google is working with Mozilla on the technology.

Bottom line:
With the continued rise in online attacks, security tools have become something browser makers can use to try to stand out.

More stories on this topic

With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year.

"It is another example of the energy that has returned to the browser marker," Shaver said.

Phishing is a prevalent type of online scam that attempts to steal sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. A record 7,197 phishing Web sites were spotted in December, according to Anti-Phishing Working Group.

While Firefox 2 will get a phishing shield, no decision has been made on how it will be incorporated in Firefox, Shaver said. "Google, like others who contribute to the project, has contributed code and expertise for us to experiment with," he said. "We haven't committed to a given approach, a given technology or a given partner."

Google has close ties to Firefox. A year ago, the Mountain View, Calif.-based search engine giant hired Ben Goodger, a lead engineer on the open-source Web browser. Firefox is also part of the Google Pack, a bundle of Google's own and third-party applications.

"We are committed to improving our users' online experience and are happy to be working with the Mozilla Foundation to help protect Firefox users from phishing attacks," a Google representative said in an e-mailed statement on Thursday.

Fighting fraudsters
Although IE and Firefox, the two most-used Web browsers, don't include antiphishing features yet, there are browser add-ons that guard against such scams. These include the Google Safe Browsing plug-in for Firefox and Microsoft's MSN Toolbar for IE. Other providers include Netcraft and SiteAdvisor.

The various phishing shields use a variety of techniques to protect against the online scams. These include blacklists of known fraudulent Web sites, white lists of good sites and analyses of Web addresses and Web pages. Firefox 2 might be different, since the developers aren't married to those approaches, Shaver said.

"I don't think anybody has found a perfect solution," he said. "We would not look to do something different just for the sake of being different, but we don't want to be constrained by recent history either."

Regardless of what technology ends up in Firefox 2, people who want to use a different antiphishing product will be able to do so, Shaver said.

Adding antiphishing technology to Web browsers helps with online security, but is not a panacea, said Amir Orad, vice president of marketing at RSA Security's Cyota group. "We think it is very important. It doesn't solve the problem, but it is a step in the right way," he said.

Cyota, an antiphishing specialist, provides lists of known fraudulent Web sites to Microsoft for IE 7 and to Netscape, as well as others. "It is an arms race, another tool in the arsenal," Orad said. RSA Security acquired Cyota last year.

An early, alpha release of Firefox 2 is expected later this month, but it likely won't include the antiphishing features. "We don't want to rush it to get it into that alpha," Shaver said. "But things can move pretty fast in our world and if we come up with something that we like the looks of we might put something in experimentally."

Other planned security features in Firefox 2 are support for a stronger type of digital certificate, a so-called high-assurance certificate. At the same time, the new browser likely will drop support for less secure certificates, Shaver said.

See more CNET content tagged:
phishing, online scam, Firefox 2.0, Firefox, Google Inc.

19 comments

Join the conversation!
Add your comment
GooFox??
Is it just me or does it look more and more like Google owns Firefox?
Posted by FutureGuy (742 comments )
Reply Link Flag
it's just you
-
Posted by Johnny Mnemonic (374 comments )
Link Flag
Yup... Just you
Firefox is open source.. no one owns it.
Posted by Leppard (41 comments )
Link Flag
U are right: BigMedia owning the "eye ball" of the planet!
No, it is not just you.
Google does own Firefox now, for all practical purposes.
After all Firefox is funded by Aol-Timewarner-CNN and Aol has Billions of dollars in Googloool stock as well as Googloool having invested a few Billions of dollars in Aol-Timewarner-CNN.

It is called Big-Media owning the "eye ball" of the planet!
Posted by Cyrus_K (60 comments )
Link Flag
Here's a deterant: Make It A Death Penalty.
Than outsource the capture part to the Israelies. Israelies don't care which country/jurisdiction the phishing scum is in. Scum will be captured, just like the Nazi scums were.

With enough hanged, others will find a safer means of scamming for money.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
Ummm...ya.
Who phissed in your cornflakes?
Posted by KsprayDad (375 comments )
Link Flag
Request to C|NET
Please incluse PLONK features in your talkback feature, so I don't have to look at anything from this person again.
Talking about "you b. stupid"...
Posted by S Nijs (11 comments )
Link Flag
RE: Here's a deterant: Make It A Death Penalty.
As an Israeli, I have no idea what you're talking about. It's all ********.


Regards,

Avner



This message is confidential and meant only for its intended recipient. It must not be copied or disclosed without The Mossad's consent. This message is an informal communication and should not be relied upon without written confirmation. The individual sender (not The Mossad) is responsible for the content of this message. If this message is received in error, please advise The Mossad.
Posted by booboo1243 (328 comments )
Link Flag
Firefox Bloat
I love Firefox...I've been using it for years but I fear that as time marches forward they are going more and more to the feature bloat that is IE/Netscape.

Firefox is/was supposed to be a smaller footprint product with users that tended to be a little bit more sophisticated than average when it came to 'how does my computer work'. I would imagine that these users rarely became victims of phishing. Now that FF is more mainstream they have to add bloat to keep the 'casual' users that NEEDS protection. They seem to be going in the direction of building it in and forcing users to have it instead of using the extension route.

As stated in the article Firefox already works with Google's antiphishing tech BUT I am currently not FORCED to have it as part of my browser.

I hope Firefox remembers that the beauty/sucess of their product is the small footprint and customization and NOT being someother companies pimp.

I forsee another split in the Mozilla world where you get the current corporate Mozilla rebranding as a GoogleFox browser and the old school continuing on with an independant product that we had until recently.
Posted by KsprayDad (375 comments )
Reply Link Flag
Yes, you love everything from Google/BigMedia
We already know that you love eveything form Google & its Big-Media brethern (AOL-Timewarner-CNN/Firefox).

So do you work for Google? Are you Google share holder or let me guess webmaster making money off Google AdSense (aka click-fraud :)
Posted by Cyrus_K (60 comments )
Link Flag
A day late & a dollar short
I'm already using IE7 with Phishing protection. Firefox is just copying a great innovator.

Well, swap the names around & that's what people have been saying about M$ & everyone else - that M$ was just copying. Makes a change to see it the other way round.

P.S. IE7 still lags behind the rest. I only use it on those sites that Opera doesn't work. But as a user, that's actually pretty great recommendation - use IE. It works on those sites that don't take Amer.....whoops, slipped into a certain credit card commercial for a moment.
Posted by (409 comments )
Link Flag
Phishing Shield
Like hacking, virus & worm making, and spam selling, I would like to see some serious controls put on all of them. Phishing is especially harmful due to the economic effect that it has on everyone through ID theft, bank account draining, and good name/credit destruction. A program needs to be developed to stop it entirely and prosecutors need to put those people who phish into prison (hard labor) for 20 years. The damage they do is consierable.
Posted by gunnyhudson (1 comment )
Reply Link Flag
Phishing Counterattack
Extensive efforts to block phishing at the destination of the attack (your PC) will never be a substitute for blocking it at the source, just as it isn't for Spam. The Internet Community (e.g., IETF) need to come up with effective ways to block it all at the source.

In the meantime, has anyone done anything to counterattack the phishers by flooding their sites with bogus information (credit card numbers, passwords, etc)? If they get millions of bogus sets of data, it should make it pretty hard for them to use the couple sets of valid data they get from those who don't recognize this as an attack.
Posted by map-maker (9 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.