| View previous topic :: View next topic |
| Author |
Message |
scupper
Sergeant
Premium Member
Joined: Jan 03, 2004
Posts: 104
|
 Posted: Thu Sep 09, 2004 8:57 pm Post subject: SpoofStick - any experiences with this anti-spoofing BHO? |
|
|
I Googled castlecops to find some feedback about an anti-phishing tool called Spoofstick, a Browser Helper Object for IE and extension for Firefox, that reveals spoofed URLs. The program is produced by Corestreet, a company out of Cambridge, MA.
I found 3 forum posts (by [url=by  /modules.php?name=Forums&file=profile&mode=viewprofile&u=79]LoPhatPhuud[/url] Post 1 | Post 2 | Post 3) recommending it.
Wondering if anyone has had experience with the program.
It comes recommended by Anti-Phishing Crusade of the UK and others listed in this article roundup, "SpoofStick 1.0 is here" - Phil Libin
|
|
| Back to top |
|
 |
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Wed Dec 08, 2004 3:39 am Post subject: |
|
|
scupper,
I didn't see this before now. Did you end up trying it?
|
|
| Back to top |
|
|
scupper
Sergeant
Premium Member
Joined: Jan 03, 2004
Posts: 104
|
| Posted: Wed Dec 08, 2004 3:54 am Post subject: |
|
|
I didn't install it. I was looking for something for my parents, as they've been getting hit pretty hard lately with spam and phishing emails, as well as 419s and lotteries from the Netherlands.
Ended up redirecting their existing pop accounts to Yahoo accounts, and setting up new POP accounts for them, only to be shared with trusted recipients and businesses.
|
|
| Back to top |
|
|
scupper
Sergeant
Premium Member
Joined: Jan 03, 2004
Posts: 104
|
| Posted: Wed Dec 08, 2004 9:29 pm Post subject: |
|
|
Another toolbar I came across when looking at these was the Earthlink toolbar, that comes with their "ScamBlocker tool". PC Magazine did a review of it recently on 11/18/2004. The Antiphishing Working Group also recommends it as a possible defense. (1) (2).
I read an article back in September about the Financial Services Technology Consortium (FSTC) launching a "Counter-Phishing Initiative", with a few of it's goals being to identifying new tools for customers and online communities to communicate with/through about these new tools. <br><br>Maybe there's an opportunity for castlecops to do a Q & A feature/article with the FSTC Counter-Phishing project's leaders, Zach Tumin (zachary.tumin(AT)fstc.org), or Jim Salters (jim.salters(AT)fstc.org), and for them to get feedback from the castlecops community about tools the FSTC has recommended, and for FSTC to get recommendations/input from castelcops about tools/practices the castlecops community has used/recommended/tested.
|
|
| Back to top |
|
|
nfntjy
Special Response Team
The Phishing Squad
Joined: Feb 10, 2004
Posts: 2465
Location: Memphis, TN
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
|
| Back to top |
|
|
sfpdiaspora
Cadet
Joined: Dec 17, 2004
Posts: 3
Location: USA
|
| Posted: Sat Dec 18, 2004 4:51 am Post subject: there's another good anti-phishing/fraud product |
|
|
The best product I've seen so far is http://www.fraudeliminator.com. It's pretty new but has by far the best interface and is also really designed for novices---I specifically installed it on my mother's machine.
It also identifies the country that all websites are hosted in, which is very valuable info (should Cit1bank.com be in Russia?) and the real URL (like Spoofstick).
IMO SpoofStick is worthless for novices. Newbies should get EarthLink's product (ScamBlocker) or FraudEliminator.
Just my 2 cents,
Mike
| scupper wrote: | I didn't install it. I was looking for something for my parents, as they've been getting hit pretty hard lately with spam and phishing emails, as well as 419s and lotteries from the Netherlands.
Ended up redirecting their existing pop accounts to Yahoo accounts, and setting up new POP accounts for them, only to be shared with trusted recipients and businesses. |
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Wed Dec 22, 2004 3:55 am Post subject: |
|
|
I will be doing an Interview with the CEO of the Anti-Phishing Working Group shortly.
|
|
| Back to top |
|
|
sfpdiaspora
Cadet
Joined: Dec 17, 2004
Posts: 3
Location: USA
|
| Posted: Wed Dec 22, 2004 5:52 pm Post subject: |
|
|
Cool---will you be publishing that here?
Will be very interested to read.
Mike
| Robin wrote: | | I will be doing an Interview with the CEO of the Anti-Phishing Working Group shortly. |
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Thu Dec 23, 2004 5:16 am Post subject: |
|
|
Yes it will be published here in the news. I'll try to remember to post a link to it from this topic once it is up. It will also be available in my article archive.
|
|
| Back to top |
|
|
Sandi_Hardmeier
Security Expert
Microsoft MVP
Joined: Apr 12, 2004
Posts: 92
|
| Posted: Mon Jan 03, 2005 3:45 pm Post subject: Re: SpoofStick - any experiences with this anti-spoofing BHO |
|
|
| scupper wrote: | I Googled castlecops to find some feedback about an anti-phishing tool called Spoofstick, a Browser Helper Object for IE and extension for Firefox, that reveals spoofed URLs. The program is produced by Corestreet, a company out of Cambridge, MA.
I found 3 forum posts (by [url=by /modules.php?name=Forums&file=profile&mode=viewprofile&u=79]LoPhatPhuud[/url] Post 1 | Post 2 | Post 3) recommending it.
Wondering if anyone has had experience with the program.
It comes recommended by Anti-Phishing Crusade of the UK and others listed in this article roundup, "SpoofStick 1.0 is here" - Phil Libin |
I suspect this may be a bit late... but anyway.
Spoofstick is ok but it has its shortcomings. For example, it will only show IP address instead of alphanumeric address if that is what the visited URL uses (whcih makes it essentially useless to the home user), and it can only be installed on XP/2000. The Earthlink toolbar, and Deepnet's inbuilt phishing protection, are probably a better bet.
Spoofstick does have a good feature that surprised me when I saw it; I am sure we all know of the 'addressbar overlay' trick that has now been fixed by MS (as highlighted at Doxdesk.com). Spoofstick (unintentionally) provides protection from this vulnerability because the script that is used to position the addressbar overlay seems to be unable to detect the presence of the Spoofstick bar. Essentially, those who are running Spoofstick are getting virtually the same protection from addressbar overlay as the lucky users of XP SP2. I've got some screenshots of the effect here:
http://www.microsoft.com/windows/ie/community/columns/browseraddons.mspx
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Tue Jan 04, 2005 6:00 pm Post subject: |
|
|
Never too late 
I noticed when I was adding SpoofStick to the Reviews, that they have released a newer version.
Have you tried both for IE and Firefox?
|
|
| Back to top |
|
|
quietman7
1st Responder Mentor
1st Responder Mentor
Joined: Sep 30, 2004
Posts: 3566
Location: Virginia, USA
|
| Posted: Tue Jan 04, 2005 6:53 pm Post subject: |
|
|
On 11/03/2004 Spoofstick version 1.04 was released for Firefox. Version 1.02 for Internet Explorer was released on 8/18/2004. I have used it for several months. When FraudEliminator 2.12 was released on 12/17/04 I began using it and prefer it features, especially the update button in "real time." With Spoofstick, the user has no way to know how long it has been since the database was updated.
Another tool I have not heard discussed much is a free service called PhishGuard: http://www.phishguard.com/
Instead of adding a toolbar, PhishGuard installs as a startup program in the system tray. It allows configuration of some preferences and the ability to check for updated versions.
|
|
| Back to top |
|
|
quietman7
1st Responder Mentor
1st Responder Mentor
Joined: Sep 30, 2004
Posts: 3566
Location: Virginia, USA
|
| Posted: Tue Jan 04, 2005 6:53 pm Post subject: |
|
|
On 11/03/2004 Spoofstick version 1.04 was released for Firefox. Version 1.02 for Internet Explorer was released on 8/18/2004. I have used it for several months. When FraudEliminator 2.12 was released on 12/17/04 I began using it and prefer it features, especially the update button in "real time." With Spoofstick, the user has no way to know how long it has been since the database was updated.
Another tool I have not heard discussed much is a free service called PhishGuard: http://www.phishguard.com/
Instead of adding a toolbar, PhishGuard installs as a startup program in the system tray. It allows configuration of some preferences and the ability to check for updated versions.
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
It will take me a little bit to put some Q together to ask them.
