PhishMeNot FormAdvisor

Discussion in 'other security issues & news' started by phishmenot, Sep 7, 2009.

Thread Status:
Not open for further replies.
  1. phishmenot

    phishmenot Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    6
    I would like to get some feedback on software that I worked on for "preventing" phishing attacks. It's called "PhishMeNot FormAdvisor" and is available at http://www.phishmenot.com/.

    Basically, the idea is to show relevant information (about where your personal information is going when you enter one on a website) where it matters and where it's hard to miss in a non-intrusive way. The information is presented in a very layman format in the hope that it might make an unsuspecting user aware of any fraud or the fact that the personal information is not going over https.

    Please check out the screen-shots at the above website.

    Thanks,
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    Seems like it's a very simple and clear way of alerting people, which is exactly what's required.

    Is it 100% guaranteed to work as a cross reference against ALL www's, or ? And how does it work ?

    Not everybody has the Browsers, or versions you list. For eg, i use IE6 + FF v3.0.13 so would it be possible to include these as well. If so you will enable a lot more people out there in www land to be better informed, and hopefully protected too.

    Your www lists -



    PhishMeNot FormAdvisor runs on Windows XP, Vista, and 7. The following browsers are supported:

    - Internet Explorer 8

    Support for Firefox 3.5+ is coming soon.
     
  3. phishmenot

    phishmenot Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    6
    Thanks, StevieO for the feedback.

    I am currently working on a Firefox version. It's just that there is not much Firefox add-on documentation based on XPCOM out there. I have to read a bit of Firefox source to get things done.

    As far as IE is concerned, PhishMeNot FormAdvisor actually could work on IE versions starting with 6.0. In IE 8.0, it's much easier to show the name of the organization for secured sites instead of the domain name, which is easier to understand for many (e.g., Citibank versus accountonline.com). I was hoping the people out there would upgrade to the latest and greatest when it comes to browsers, so having IE8 as a requirement would not be a problem. I might be wrong. It does look like IE6 and IE7 are still quite in use (http://en.wikipedia.org/wiki/Internet_Explorer_8). I will add the support for IE6 and IE7 back.
     
  4. phishmenot

    phishmenot Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    6
    The approach to what it shows is very simplistic in this initial version. Basically, you get to see the following:

    - domain name or the name of company where information will be submitted. It actually, in most cases, can figure out the submit url even if the url changes dynamically when you click "submit" (or whatever the name of the button that submits the form). This dynamic discovery is turned off by default if you're on a secure site already.

    - Green shield: You are on a secure site or information is submitted to a secure site, e.g., green on a secure site, green on an unsecure site but the form is submitted to a secure site.

    - Red shield: Information is submitted to an insecure site.

    - Orange shield: For some reason, it cannot determine the url where data will be submitted.

    There are two aspects that PhishMeNot FormAdvisor attempts to address:

    - To show the information where it matters in a non-intrusive way
    - To show relevant information in layman's language

    It's not a protection against phishing, rather a possible prevention.

    If anyone wants to test it out on real phishing sites, I would suggest installing the software and trying out phishtank.com *** but be careful.
     
    Last edited by a moderator: Sep 8, 2009
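
The shield rules listed in the post above, sketched as an added example; this is not FormAdvisor's own code. The function name `classifyForm`, its return shape, and the `example.test` hosts are assumptions, and the shield is decided by the scheme of the resolved submit URL, which is one reading of the rules as posted.

```javascript
// Added illustration: classify where a form will send its data, using the
// green / red / orange shield rules described in the post above.
// classifyForm and its return shape are hypothetical, not FormAdvisor's API.
function classifyForm(pageUrl, actionAttr) {
  const action = (actionAttr || "").trim();
  let target;
  try {
    // An empty action submits back to the page itself; a relative action
    // is resolved against the page URL, as a browser would do.
    target = new URL(action === "" ? pageUrl : action, pageUrl);
  } catch (err) {
    return { shield: "orange", destination: null, reason: "submit URL could not be parsed" };
  }
  if (target.protocol === "https:") {
    return { shield: "green", destination: target.hostname, reason: "submitted over HTTPS" };
  }
  if (target.protocol === "http:") {
    return { shield: "red", destination: target.hostname, reason: "submitted over plain HTTP" };
  }
  // javascript:, data:, mailto: and similar: the real destination is decided
  // elsewhere (for example by script at submit time), so it is unknown here.
  return { shield: "orange", destination: null, reason: "submit target is not an http(s) URL" };
}

// Constructed sample forms: [page URL, form action attribute].
const samples = [
  ["https://bank.example.test/login", "/session"],
  ["http://shop.example.test/", "https://pay.example.test/checkout"],
  ["http://forum.example.test/", "login.php"],
  ["https://bank.example.test/login", "http://collect.example.test/post"],
  ["http://forum.example.test/", "javascript:void(0)"],
];
for (const [page, action] of samples) {
  const r = classifyForm(page, action);
  console.log(`${r.shield.padEnd(6)} ${r.destination ?? "(unknown)"}  ${r.reason}`);
}
```

A static check like this only sees the action attribute as written; the dynamic discovery the post mentions, where the URL changes on submit, needs the browser's submit event.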
  5. phishmenot

    phishmenot Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    6
    It should work on IE6+ now but IE8 is recommended.
     
  6. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    It does sound interesting looking at the screen shots. Will try it out.
     
  7. phishmenot

    phishmenot Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    6
    Sorry for posting a link to Phishtank. I thought it might be helpful for someone to try out the software. BTW, Phishtank is not a malware site.
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    phishmenot, after offline evaluation of the Web site, I have placed the domain name back on your original post, without a link to it. However, may I remind all members that they should avoid navigating to the reported sites listed there, since the content of those secondary locations is questionable at best, and potentially malicious.

    JR
     
  9. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    phishmenot

    I installed it today with no problems on IE6, then visited several naughty www's listed on PhishTank.

    As soon as i started entering the first character Phishmenot jumped in with an alert. Here's just one example -

    [Attached image: pmn1.png]

    So far so good ! Now if i backspaced the character/s and entered again, i received NO alert ? Also when entering in other fields i didn't always get alerted, only on some ?

    I appreciate that continuing to proceed after the first alert if someone was doing it for real would be foolish. Would it be possible though for Phishmenot to alert on every input, or do you think it's overkill ? If it could be done without too much extra coding, and/or without impairing a browsers performance, then that would be very worthwhile i believe.

    Anyway, so far it gets a big thumbs up from me, as i'm sure most people out there in www land would Really benefit from this.

    All the best with it.

    S
     
  10. phishmenot

    phishmenot Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    6
    Thanks, StevieO for trying it out. I am glad that your first impression was not bad.

    Currently, it selectively highlights the fields (with a shield) that may be of high importance. Highlighting all the fields seems like a lot. But it could be just a user setting and by default it does what it does now.

    Also, as you noticed, it is very conservative in terms of how often it alerts, but again it could be a user setting to alert on all input. I don't think it will impair performance at all.

    You are helping in exactly the way I thought I would get from the community. Once I have enough feedback, it would be easier to change the default behavior.

    I will include a UI in the next update so a user can change some of the default behavior.
     
  11. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Well it was more than just " not bad " lol.

    That UI idea could be good, i'll give it a shot when it's ready, no rush though.

    S
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    I downloaded a copy and tried it out. I like the idea of it, but it tells me it is unsafe to enter my personal information in the logon boxes on this site (Wilders). That doesn't stop me from logging on here, but for the individuals that would most need this program I think it would only confuse them. I assume it is doing this because it is not an SSL logon, but if that is the case I think the little balloon needs more info other than "It's not safe to enter your personal information here." I do think this program has a lot of potential though.
     