January 25, 2005

Thunderbird Gains Phishing Detection (Too)

Through a long chain of blogs (evidence that users care about phishing at least: gemal.dk MozIne, LWN, Addict) comes news that Thunderbird is also to have click-thru protection. The hero of the day is one Scott MacGregor. Easiest just to read his bug report and gfx:

Thunderbird phishing warnings

Get a phishing detector going for Thunderbird. I'm sure it can be improved quite a bit but this starts to catch some of the more obvious scams.

When the user clicks on a URL that we think is a phishing URL, he now gets prompted before we open it. Handles two cases so far. Hopefully we can add more as we figure out how. The host name of the actual URL is an IP address. The link text is a URL whose host name does not match the host name of the actual URL.. I added support for a silentMode so later on we can hopefully walk an existing message DOM and call into this routine on each link element in the DOM. This would allow us to insert an email scam warning bar in the message window down the road.

That's good stuff! It is similar to the fix that JPM reported a couple of days ago. Momentum is building to fix the tools, so it we might soon start to see work in browsers - that which is being attacked - to address phishing. So far, Firefox has made a small start with a yellow SSL bar and SSL domain name on the bottom right . More will follow, especially as the fixes outside the browser force phishers towards more "correct" URLs and SSL attacks.

Posted by iang at January 25, 2005 10:11 AM | TrackBack
Comments

they're on the right track but

(1) it should be RED

(2) it should be FULL SCREEN

(3) probably 1 adult human in 500 can understand language that complex. (1 in 2000 in the U.S.!)

there's just no way anyone's going to read - far less bother with or let it affect them - such a long, confusing novel-length meandering bit of chat.

It should say ... dont forget, this is red and full screen ..

PHISHING
ATTACK
PREVENTED !!!!

And that's it.

*of course* it should just NOT let you go there. There should not be an "option to go there!" Newsflash: duh.

Ok, sure, in the coming ten years, of the 314,245,897,500,000,000 times that the alert will come up, OK, we can estimate that let's say 4 times ... no, let's say 5 times, for some unbelievably staggeringly bizarre reason, the user will in fact have wanted to go to the URL.

{Aside -- naturally on those 5 occasions, it would have been a German internet engineer who for some amazing reason needed the "go to the URL" option. But the other 314,245,897,499,999,995 occasions....uh, no.}

Thus, two seconds thinking on the problem shows that it is UTTERLY, STUPENDOUSLY, INCREDIBLY IDIOTIC to include a "yah, go there anyway, yuk!" option.

Who's desigining this stuff, software engineers? Oh, yeah, that's right....

Posted by: JPM at January 25, 2005 10:58 AM

> Thus, two seconds thinking on the problem shows that it
> is UTTERLY, STUPENDOUSLY, INCREDIBLY IDIOTIC to include > a "yah, go there anyway, yuk!" option.
>
> Who's desigining this stuff, software engineers? Oh,
> yeah, that's right....

In defense of software engineers, recall that stuff whose UI is designed by experts in customer requirements has not yet even implemented phishing detectors.

Posted by: James A. Donald at January 25, 2005 02:51 PM

JPM must be the same guy who decided Outlook should block "EXE" attachments, and not bother to offer an override option. After all, how many people really want to send executable files attached to mail messages?

Posted by: seaan at January 25, 2005 04:15 PM
Post a comment









Remember personal info?






Hit preview to see your comment as it would be displayed.