Cyscon Firefox extension

Discussion in 'other software & services' started by Krusty, Oct 1, 2015.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    Last edited: Oct 1, 2015
  2. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    Thanks, @Krusty13. We will use this "WilderSecurity"-thread to publish our release notes and as a support forum for English-speaking users!

    Current version (1.10.0) supports:
    • allows you to report sites which seem to abuse your personal data to protect yourself and others
    • detects data security breaches and notifies you that your login data may have been stolen
    • detects whether your computer became a member of a botnet because it was infected by trojan software
    • detects/blocks sites which distribute malware and warns you before your computer becomes infected
    • detects/blocks phishing sites
    • detects/blocks attempts to steal your personal data
     
    Last edited: Oct 1, 2015
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    Awesome start to what will hopefully be a long and happy relationship with Cyscon!
     
    Last edited: Oct 1, 2015
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,139
    Hi,
    will a Chrome and Opera extension be released too?
    Thanks
     
  6. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    Hi mantra:

    The same data that blocks phishing websites actually operates as standard in the Opera browser, which you can read more about here: http://www.operasoftware.com/press/releases/general/2015-06-23

    We are looking into the possibility of a Chrome Extension in the near future, but nothing has been finalised as yet. Same goes for Opera, for which the feature set will also be extended beyond the phishing blocks, to include the other features such as the Abuse Reporting, Malware Blocking, Trusted Website visibility, Breach Notification and Botnet Warning.

    Thanks
     
    Last edited: Oct 1, 2015
  7. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,139
    Thanks Cyscon, but the article talks about Opera and German users only
     
    Last edited: Oct 1, 2015
  8. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    The phishing feed is delivered to all Opera Browsers, as they enrich their backend in real-time. The stuff that is definitely missing are the points written above.
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,283
    @cyscon Welcome!
    When I don't see the Check, does that mean the website has not paid for your service?
    For example Wilders does not display Check. But, states No known incidents. What does Check signify and what does No known signify? "No known" can mean you're not monitoring or you're monitoring. Whereas Check makes me think you're monitoring. Please explain the two Icons. One in address bar and another outside address bar. I have one site showing Check with pronounced (in) address bar Icon vs shadow looking Icon in address bar.
    From HitmanPro.Alert Topic #6965
    @Krusty13 Thanks
     
    Last edited: Oct 1, 2015
  10. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    Correct - To expand on that point...

    Use Case 1

    e.g. Companies that have well known problems with Phishing, such as banks (http://www.hsbc.co.uk/, and many more), social networks (https://www.facebook.com), providers (http://home.bt.com/), etc. - have their official sites marked with green check marks - to show the user that they are in the right place, but on typosquatting domains there is no green tick. Asking customers to look for "green SSL shields" is outdated in a time where you can get an automated SSL certificate with a CDN provider such as Cloudflare, which doesn't say anything about whether the site is legit or not.
    A good explanation can be found here: http://blog.check-and-secure.com/290915-bt-customers-phished/

    On the other hand, these sites really need to be secure, because if they are hijacked, the problem is getting much worse. Remember the Bankofamerica-BGP hijacking attack? The IP appeared somewhere in NL. Or the DNS hijacking attempt of Avira, WhatsApp, etc. That's why we monitor them in the background (BGP, WHOIS, CONTENT, DNS ... the whole bandwidth), which naturally costs us money. Resultantly, these services are paid for.

    If something only has a "shadow icon", it only means: Not checked, not monitored - but importantly, not necessarily malicious.

    Use Case 2:
    Visit www.patreon.com e.g. and have a look at what happens with the icon on the right. It shows two "yellow exclamation marks". Click on it and you should get the information on what's wrong here.
     
    Last edited: Oct 1, 2015
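The point made in the post above, that a verdict should come from a list of verified hostnames and not from the presence of a TLS certificate, as an added example that is not part of the original post and is not cyscon's code. The verified list reuses the three sites named in the post; the look-alike hostname, the edit-distance threshold of 2 and the `lookalike-warning` state are assumptions added for illustration (the post only says typosquatting domains get no green tick).

```javascript
// Added example: hypothetical verdict logic, not cyscon's implementation.
// Verified hostnames taken from the sites named in the post above.
const VERIFIED = ['www.hsbc.co.uk', 'www.facebook.com', 'home.bt.com'];

// Classic Levenshtein distance, keeping only the previous row in memory.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// The URL scheme is deliberately ignored: every sample below is served over
// HTTPS, yet only an exact match against the verified list earns the check.
function classify(rawUrl) {
  const host = new URL(rawUrl).hostname; // lowercased by the URL parser
  if (VERIFIED.includes(host)) return { icon: 'green-check', host };
  for (const good of VERIFIED) {
    const d = editDistance(host, good);
    // Assumed threshold: one or two edits away from a verified name.
    if (d > 0 && d <= 2) {
      return { icon: 'lookalike-warning', host, resembles: good };
    }
  }
  // Not verified and not resembling anything verified: the "shadow icon",
  // meaning not checked, which is not the same as malicious.
  return { icon: 'shadow', host };
}

// Constructed sample URLs.
const samples = [
  'https://www.facebook.com/login',
  'https://www.faceb00k.com/login',   // constructed look-alike
  'https://www.wilderssecurity.com/',
];
for (const url of samples) console.log(url, classify(url));
```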
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,283
    Hello Cyscon,
    So, you monitor in the background all registered domains. And companies / domains faced with Phishing may or may not be subscribers to your service (at this time). What happens to the Icon if there is a known incident?
    How is the user notified of a known incident? How close to real time are No known or known?
    Wilders has "shadow icon" in the address bar and no check Icon stating No known incidents.
    How can Wilders be No known and Not monitored...?
    https://en.wikipedia.org/wiki/Typosquatting

    And the second Icon in the address bar is akin to Verified by: Lock.
    What does Cyscon Check add to my protection beyond Verified by:?
    Verified by: is what I look for.
    Can a domain offer Verified by: and be a phished site...?
    I thought Verified by: was all I needed.

    Edit: Use Case 2: Ah, I see Verified by: and I see Cyscon warning.
    Ah! Interesting!!
     
    Last edited: Oct 1, 2015
  12. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    This depends entirely on the incident. One case is described above (Use Case 2). A second use case would be, for example, a known phishing page - here you get a similar warning like "google safebrowsing" and you can't access the URL. Some more features that will cause "flagging" (such as "malvertizing" and "malicious iframes") will be announced in the next couple of days.
    Real-time: The addon is connected to our cloud services and does not rely on static lists.
    WildersSecurity needs to subscribe with our service. The reason for this is not only the payment or the "scan" - it's because of the entire "verification process", where we check a couple of things (such as address details, etc.). A "trusted domain" is more than just: "monitored and checked". The domain holder is verified, we need contact details, he agrees to act on abuse complaints within a given timeframe, etc. It is not necessarily a negative that Wilders has a shadow shield, but we can't just verify all pages as "trusted" if we haven't checked these details.
    You mean if a domain is used for malware or phishing, right? This is possible - and happens from time to time:
    - Sample 1: ebay got hacked and hosted an ebay phishing page
    - Sample 2: dropbox could be a trusted domain, but in the user generated dropbox folders are phishing pages.
    - Sample 3: sparkasse.de (a German bank) was hacked and delivered malware (funnily enough it was a banking trojan)

    But we cover this as well: If we see an incident on a domain, the domain loses the "green mark" instantly and the website owner is alerted by email and he has to react in a given timeframe to fix the situation.
     
    Last edited: Oct 1, 2015
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,283
    Is cyscon unique in what you do (plan to do)?

    And does the cyscon Security Shield extension play with all Firefox add-ons?

    Now, we have to figure out if you prefer c or C.
    Thanks cyscon
    Thanks Cyscon
    :)
     
  14. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    Yes, we are unique in what we do. We always "close gaps" and don't play copy cats. ;)
    Yes.
    Small companies always have small c's ^^
     
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,283
    cyscon Security Shield ;)
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    @cyscon ,
    I've found that none of the sites I regularly visit have the green tick so I guess they aren't paying for your service at this time.

    I'm wondering about "detects/blocks sites which distribute malware and warns you before your computer becomes infected", does that mean you have a list of known malicious sites? If so, can you share where you get this list?

    I still don't understand the shield icon in the address bar, can you explain the two icons?

    Thanks.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,283
    Last edited: Oct 3, 2015
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,139
    Thanks,
    but it's always on, isn't it?
    Because I don't have an icon, or settings, or anything about Cyscon in Opera 32.0.1948.69
     
  19. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    Yes, it is always on.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    What I always wonder about is if these types of extensions monitor your website usage, can you tell me more about this?
     
  21. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    I can't answer this for any extension, just for ours. As described in our Privacy Statement the addon requests details of a given hostname, not a URL, and gets back results which are locally cached in your browser:
    So, yes. We see (theoretically) the websites someone visited but not the full URL string. Due to the fact that we don't store anything related to this query (such as IP addresses) we can't reproduce the originator. Compare it with the usage of a DNS server.

    In the Opera scenario, we don't see the hostname. Opera has a full copy of our database and provides the service on our behalf. What they do is something we can't reply, but we guess it's similar to what we do.
     
    Last edited: Oct 4, 2015
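The lookup pattern described in the post above (query by hostname only, cache the result locally), as an added example that is not part of the original post and is not cyscon's code. The backend function, verdict strings, TTL and sample URLs are assumptions; the `sent` array records exactly what would be disclosed to the service.

```javascript
// Added example: hypothetical client, not the add-on's actual implementation.

// Reduce a URL to the only value that is allowed to leave the browser.
function lookupKey(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  // u.hostname excludes credentials, port, path, query and fragment, and
  // is already lowercased; strip the trailing dot of a fully qualified name.
  return u.hostname.replace(/\.$/, '');
}

class HostnameReputationClient {
  constructor(backend, ttlMs) {
    this.backend = backend; // hypothetical: (hostname) => verdict string
    this.ttlMs = ttlMs;
    this.cache = new Map(); // hostname -> { verdict, expires }
    this.sent = [];         // everything disclosed to the service
  }

  // A real extension would make the backend call asynchronous; it is kept
  // synchronous here so the example runs offline.
  check(rawUrl, now = Date.now()) {
    const host = lookupKey(rawUrl);
    if (host === null) return 'not-checked';
    const hit = this.cache.get(host);
    if (hit && hit.expires > now) return hit.verdict; // served locally
    this.sent.push(host);
    const verdict = this.backend(host);
    this.cache.set(host, { verdict, expires: now + this.ttlMs });
    return verdict;
  }
}

// Constructed sample data, not real verdicts.
const sampleBackend = (host) =>
  host === 'phish.example' ? 'blocked' : 'no-known-incidents';

function demo() {
  const client = new HostnameReputationClient(sampleBackend, 60000);
  const t0 = 1000000;
  client.check('https://user:pw@Shop.Example.:8443/cart?session=abc#pay', t0);
  client.check('https://shop.example/account/reset?token=secret', t0 + 5000);
  client.check('http://phish.example/login.php?id=42', t0 + 6000);
  client.check('https://shop.example/', t0 + 61000); // TTL expired, re-query
  return client.sent;
}

console.log(demo());
```

Four page loads produce three queries, and none of them carries a path, query string, port or credential. The service still learns which hosts were visited and roughly when, which is the DNS-like exposure the post describes.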
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    o_O

    I'm still wondering...
     
  23. cyscon

    cyscon Registered Member

    Joined:
    Oct 1, 2015
    Posts:
    20
    Location:
    Germany
    @Krusty13 - Yes. We run a crawling infrastructure and a URL sharing platform:
    Have a look at cyscon SIRT's projects page or on PhishKiller's page.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
  25. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have just installed this on Cyberfox and run through all the tests etc. It is interesting that in the recommended anti virus that Avast is conspicuous by its absence. Is this a commercial decision not to include it or are there other reasons?
     