Phishing attacks have become the epidemic in the past few years. They usually involve fraudulent web sites and email scams that try to collect sensitive information from Internet users such as account names, passwords, and credit card numbers.
To combat phishing attacks, you must know how to spot a phony web site. However, without proper knowledge, it can be very difficult to see all possible warning signs. One thing that would make your life easier is to have a utility that will automatically determine if a web site is trusted.
SpoofGuard is an extension to Internet Explorer (IE 6.0 only) developed by Stanford Security Lab to help Internet users spot spoofed web sites by displaying a traffic signal indicator. It also prevents you from sending sensitive information when filling a fake form on a web page.
For instance, if you visit a legitimate Google Gmail site, you will see a green light in the status bar, which means a trusted web site:
But you visit a spoofed web site, the status bar will be either red or yellow:
There are two versions of SpoofGuard. The Default version will email information back to Stanford Security Lab when a false alarm is detected. The Light version doesn’t report anything. Once you’ve downloaded the installer, run it and restart Internet Explorer. You should now see the warning toolbar. If you don’t, from the View menu, select Toolbars and select WarnBar.
The SpoofGuard toolbar has three buttons. The first, the Status button, displays the current domain and brief representation of the status (green - safe, yellow - may be spoofed, red - untrusted). The second, the Settings button, brings up the Settings dialog and the last button, the Reset button, removes all data collected by SpoofGuard.
SpoofGuard works by performing a series of checks on the web site and the content of the web pages you’re viewing. You can adjust each of these tests with a weight in the Settings dialog. A web site is flagged if the sum of the weights of all positive checks exceeds the Total Alert Level you’ve configured.
While SpoofGuard is a great tool, it’s not foolproof. But with some education and tools like SpoofGuard, you might survive.
Post a Comment
Contact
Have a hot hack? want to request a hack? let us know - editor [at] security-hacks.com
subscribe
Search
Latest Entries
- msramdmp: Dump RAM from a USB stick
- SWFIntruder: Are your Flash applications secure?
- Untidy: Python-based XML fuzzer
- Jailbreaking iPhone software v1.1.1
- Secure browsing with Squid and SSH
- Combat spam with Gmail aliases
- 5 Essential laptop security tips
- Email encryption with GPG and Mail.app
- Firefox: Disable suspicious JavaScript features
- aSSL: Add SSL to your Ajax application
Archives
