All the latest UK technology news, reviews and analysis

Phishers slip through Firefox security net

by Shaun Nichols

More from this author

09 Feb 2007

Comment: 1

  • Tweet this
Mozilla Firefox
A flaw in Firefox could allow phishing sites to appear authentic to the user

Security researchers claim to have discovered a flaw in Firefox that could allow attackers to disable the browser's anti-phishing filter through a simple change in a site's URL syntax.

SecuriTeam, a security alert site maintained by Beyond Security, said that the trick could allow for pages already in the Firefox registry of known phishing sites to slip past the recognition software and appear authentic to the user. 

SecuriTeam credited a report by an independent researcher using the name 'Kanedaaa'

The researcher discovered that the phishing filter could be disabled when an extra 'forward slash' is entered after the domain suffix (e.g. www.vnunet.com//news).

Firefox normally responds to a known phishing page by alerting users and redirecting them to a search page.

Mozilla, which oversees development and distribution of the open source browser, did not immediately respond to a request for comment from vnunet.com.

Do you agree?

Add your comment

Use bookmarks

If people boomarked the correct URL of the sites where they conduct financial transactions, and just stopped clicking on links, they are unlikely to get phished. Like anti-spyware tools, anti-phishing tools are not 100% accurate.

Posted by: Howie Mirkin 16 Feb 2007

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Information Security Manager

My client is a well established, non profit organisation;...

PHP Web Developer

PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...

HEAD OF DIGITAL - London - £80-95K+

HEAD OF DIGITAL - London - £80-95K + Excellent Bens...

Agile C# Developer - (North London)

Agile C# Developer - (North London) £55,000 - £65,000...

To send to more than one email address, simply separate each address with a comma.