455
edits
CFA/Security-Notes: Difference between revisions
→Anti-Phishing
| Line 29: | Line 29: | ||
=== Anti-Phishing === | === Anti-Phishing === | ||
* Highlight URL domain name in address bar (in FF3) | * Highlight URL domain name in address bar (in FF3) | ||
* Address bar protection - every window, including pop-ups, will show you an address bar (IE) | * Address bar protection - every window, including pop-ups, will show you an address bar (IE) | ||
* | * Ability to disable AJAX on certain sites; notify user if asynchronous calls are being made on user's behalf (FF brainstorm) | ||
* Tell me if the site I'm visiting is a suspected forgery (FF) | |||
** Check using a downloaded list of suspected sites | |||
** Check by asking Google about each site I visit | |||
* Phishing Protection - warn users of suspected forgery (phishing) sites, and offer to take user to search page to find the real website they were looking for (FF brainstorm) | * Phishing Protection - warn users of suspected forgery (phishing) sites, and offer to take user to search page to find the real website they were looking for (FF brainstorm) | ||
** Make it easier to report phishing sites | ** Make it easier to report phishing sites | ||
| Line 37: | Line 41: | ||
* Blacklisting of malicious websites (FF3) | * Blacklisting of malicious websites (FF3) | ||
* Safe browsing whitelist | * Safe browsing whitelist | ||
* FirePhish - uses Open Phishing DB to provide user with info and tools to protect against phishing attacks (FF extension) | |||
** Blinking-red warning when entering high-risk phishing-suspected sites | |||
** Green frame around location bar when entering sites on your safe list | |||
* EV certificates (FF3) | * EV certificates (FF3) | ||
** Clear UI to indicate identity verified | ** Clear UI to indicate identity verified | ||
* Security status bar - color-coded notifications appear next to the address bar to notify user of website security and privacy settings. Address Bar turns green for websites bearing new High Assurance certificates (IE7, VeriSign EV Green Bar FF Extension) | * Security status bar - color-coded notifications appear next to the address bar to notify user of website security and privacy settings. Address Bar turns green for websites bearing new High Assurance certificates (IE7, VeriSign EV Green Bar FF Extension) | ||
* International domain name anti-spoofing - notifies user when visually similar characters in the URL are not expressed in the same language (IE) | * International domain name anti-spoofing - notifies user when visually similar characters in the URL are not expressed in the same language (IE) | ||
* openID - decentralized single sign-on system that is possibly vulnerable to phishing attacks | * openID - decentralized single sign-on system that is possibly vulnerable to phishing attacks | ||
* Surf by IP protection (FF brainstorm) | * Surf by IP protection (FF brainstorm) | ||
** Disallow visiting sites by IP address (IP anywhere in URL) | ** Disallow visiting sites by IP address (IP anywhere in URL) | ||