The Omni Group Forums

The Omni Group Forums (http://forums.omnigroup.com/index.php)
-   OmniWeb General (http://forums.omnigroup.com/forumdisplay.php?f=8)
-   -   Phishing filter (http://forums.omnigroup.com/showthread.php?t=7816)

P.K. 2008-04-18 11:49 AM

Phishing filter
 
Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters. Does OmniWeb 5.7 have such a filter? Sure hope so. Current article in MacWorld says to stay clear of many browsers, including Safari... however, does not mention OmniWeb.

Anybody know?

P.K.

Forrest 2008-04-18 12:05 PM

It doesn't.

I'm not really fond of them either. No filter can solve the problem, and it gives people a false sense of security. Education is a much better tool.

This is also an instance where I think the OG needs to define their audience and cater to it.

JKT 2008-04-19 08:01 AM

[QUOTE=Forrest;35853]I'm not really fond of them either. No filter can solve the problem, and it gives people a false sense of security. Education is a much better tool.[/QUOTE]
It also means that you send your entire browsing history to someone like Google (if you use them as the source of info for what are potential phishing sites). Colour me cautious, but I am extremely wary of doing that given how bad Google's etc. track records are on privacy and data retention. Personally, I would say that this is the real reason why PayPal want you to use a browser that has phishing filters built-in (no doubt, they aim to be the source of their own filter list at some point, which you will then have to use if you want to keep using PayPal) and the reason why Mozilla offers Google as the default source (more revenue from Google for them).

It is either that or downloading a list of potential phishing sites (and keeping doing so to make sure it is up-to-date).

Personally, neither option is at all attractive, each is very prone to giving false negatives and neither will beat being cautious and actually thinking about who you are giving your credit card etc info to.

P.K. 2008-04-19 10:06 AM

So...
 
So, the question remains - at some time in the future will users of OW need to switch (if only temporarily) to Firefox or Opera to complete a Pay-Pal transaction?

Or will Pay-Pal ultimately pull back from their current effort to block those browsers not using a phishing filter?

Forrest 2008-04-19 10:21 AM

I'll stop using PayPal if they force me to use another browser. It already has a hard enough time with Firefox. No way I'm going to use Opera just for PayPal.

ptomlins 2008-04-20 01:39 AM

I'd like to see this feature in version 6

The problem with education is that people have already had a chance and these things are happening. Do I think omniweb users are vulnerable? I think they are probably some of the least vulnerable users around (based on browser choice I think they are already pretty cluey). However I think this is going to become basic browser functionality. If your tired and not thinking properly and you do something stupid it does protect you as a last line of defense.

The argument about privacy and paypal and co wanting your browser history. I think PayPal/Ebay wants to reduce fraud as it is costing them money and this is where intent is coming from. The providers of these services have there own reasons .They could be trying to protect themselves (MS I believe offers something and that is to protect its user bases, Google probably has a host of reasons, make money somehow someday? )

I do believe that people should be able to use these services without being tracked so to speak. (In the interium maybe omni could provide a button to the system preferences where one can enter proxy settings for http like safari)

m-rick 2008-04-20 02:33 AM

Phishing filter
 
OW definetely needs a built-in phishing filter : Firefox has one Opera too and M$ IE 7 too, and eBay and Paypal are on the way to request one from the browser to get access on their website, so when they will do it, we will not able anymore to access them with OW. And if they do it, a lot od sites will do the same ...

I don't want to have hundred browsers on my Mac. I have Camino too but I almost never use it now since this latest version of OW is very stable and more compatible with almost all the websites.
So I hope OmniGroup is going into consideration on this.

[url]http://forums.appleinsider.com/showthread.php?p=1242183[/url]

[QUOTE]PayPal may block Safari users
As part of a multi-tiered approach to guarding against online fraud on its site, PayPal says it will block the use of any web browser that doesn't provided added validation measures, potentially restricting the current version of Safari from the e-commerce site.

The money transfer service's Chief Information Security Officer, Michael Barrett, makes the new policy clear in a white paper (PDF) posted this week, which highlights the browser as a key means of putting an end to phishing (false website) scams alongside such steps as blocking fraudulent e-mail messages and criminal charges.

When addressing web access, Barrett argues that any user visiting a financial site such as PayPal should know not only that their browser will block fake sites meant to steal information, but also that the browser can properly indicate a legitimate site. Without either precaution, visitors may not only be victims of scams but may lose all trust in an otherwise safe business. This doubly harmful outcome is likened to a car crash without protection.

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," the expert says.

To that end, PayPal is said to be implementing steps that will first provide warnings against, and eventually block, any browser that doesn't meet these criteria.

Most modern web browsers, including Firefox and newer versions of Microsoft's Internet Explorer, are able to support at least basic blocking of phishing sites. The newest, such as Internet Explorer 7 or the upcoming Firefox 3, also support a new feature known as an Extended Validation Secure Socket Layer (EV SSL) certificate. The measure of authenticity turns the address bar green and identifies the company running the site, letting the user know any secure transactions are genuine.

Safari, however, lacks either of these features and so could fall prey to the blocks and warning messages. Barrett doesn't mention the browser by name but notes that any "very old and vulnerable" software would ultimately be blacklisted from the future update to PayPal's service, placing Safari in the same category of dangerous clients as Microsoft's ten-year-old Internet Explorer 4.

Apple's approach to browser security has so far been tentative. The Mac maker has briefly incorporated Google's database of fraudulent sites into a beta builds of Mac OS X Leopard this past fall, only to pull the feature in later test versions. Release builds of the stand-alone browser for both Macs and Windows PCs have also gone without the anti-phishing warnings, but notably leave code traces inside the software that raise the possiblity of improvements through a later update.

Apple hasn't responded to the white paper but is likely to face pressure as PayPal and similar institutions ask for an all-encompassing approach to fighting scams that involves EV SSL and other software techniques. Internet Explorer 7's debut has already had a demonstrated effect on customers, who are more likely to finish signing up for PayPal knowing that the web browser has authenticated the registration page.

"We couldn’t eradicate this problem on our own – to make a dent in phishing, it would take collaboration with the Internet industry, law enforcement, and government around the world," Barrett explains.[/QUOTE]

JKT 2008-04-20 03:39 AM

[url]http://forums.omnigroup.com/showthread.php?t=7816[/url]

Forrest 2008-04-20 09:01 AM

[QUOTE=ptomlins;35871]The problem with education is that people have already had a chance and these things are happening.[/quote]

Really? Got anything to support that? As far as I know, I have yet to see a site require any sort of education to access their site.

[quote] If your tired and not thinking properly and you do something stupid it does protect you as a last line of defense.[/quote]

I'd also like to see some evidence of that. From what I know of phishing filters, they either only protect against known issues or they tell you there is a problem on a site unless the site owner has shelled out extra $$$.

To think that phishing filters will protect you if you do something stupid is far from accurate.

Forrest 2008-04-21 04:46 PM

[url=http://www.tuaw.com/2008/04/21/paypal-says-it-wont-block-safari/]TUAW: PayPal says it won't block Safari[/url]

[i]in a brief addendum to a post at the Wall Street Journal last week it was reported that -- while Paypal will be blocking older browsers (IE4-era) and older operating systems -- Safari is safe from the cut.[/i]

P.K. 2008-04-22 02:49 PM

It would be most appropriate for OW STAFF to reply to our discussion on phishing filters. If indeed OW chooses to ignore the ramifications of this development, then they are dismissing a major turning point in browser development.

Come on Omniweb, join in... we want to know what you are thinking, and how you plan to react to PayPal's threat.

P.K.

Brian 2008-04-22 03:05 PM

I'm not on the OmniWeb team, but it's worth pointing out that Paypal has [URL="http://it.slashdot.org/article.pl?sid=08/04/21/2352204"]disavowed plans to block any browsers[/URL].

Forrest 2008-04-22 03:16 PM

This is mainly a members-helping-members type forum. The OG guys do drop in from time to time, but if you have a pressing issue the best way to get a response is to use the Send Feedback... option under "Help" in the browser.

PS. If you're looking for help, it's not the best idea to ignore what others post. I already pointed out PP is not blocking Safari in a previous post, yet you continue to state that PP has issued a "threat."

Ilgaz 2008-05-04 02:55 AM

1Password guys added support
 
1Password recently added support to every browser they are compatible with using Phishtank.com community supported data.

Of course it is a shareware application and if Omniweb had phishtank.com support, it wouldn't rely on a Input Manager (which is not essentially bad).

I just tell for the 1password users and people planning to get a password manager or feeling insecure.

Ben524 2008-08-07 06:31 AM

Phishing
 
I just received my Consumer Reports and it stated to stay clear of Safari because of Phishing. It said to use either Opera or Firefox. Does Omniweb now offer a Phishing Filter?

Handycam 2008-08-07 06:46 AM

[QUOTE]Does Omniweb now offer a Phishing Filter?[/QUOTE]

No.

I agree with Forrest. These filters only protect you from known phishing sites. A little common sense goes a long way. Omniweb is not really a browser for web neophytes. Just don't click on links in your emails, or blind links on web sites, and never enter your pwersonal information unless you're on a known secure web site. Duh.

I'd hate to see development resources wasted on this feature and taken away from fixing the anoyances we've been complaining about for months.

maurer 2008-08-17 02:17 PM

If OmniWeb saves passwords in the Keychain and normally fills them in on a web form, does it not have to check that the domain is correct? Would not its failing to fill in a password in the normal way serve as an warning that something is awry?

m-rick 2008-11-22 11:13 AM

And so what about this function in OW since it is now available in Safari and so a part of WebKit ?

frankiec 2008-11-25 06:50 AM

[QUOTE=m-rick;51405]And so what about this function in OW since it is now available in Safari and so a part of WebKit ?[/QUOTE]
That doesn't necessarily mean it's part of WebKit.


All times are GMT -8. The time now is 12:08 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.