
FireFox 2.0, IE7 both fail phishing test

I’m not in the habit of visiting these sites, but when an email apparently from Bank of America plopped into my inbox a few minutes ago, it seemed the ideal moment to test out my brand new browsers – release versions of IE7 and Firefox 2.0.

The score is tied at zero for both browsers. Here’s the site in IE7:

Looks good, doesn’t it? No little padlock; so just to be sure I clicked Tools – Phishing filter – Check this website:

Personally I think this dialog is overly reassuring. Further, it strikes me that most sites where you suspect phishing are probably aping a site that uses SSL, so the dialog could usefully alert me to this. Never mind, let’s try Firefox 2.0:

No better, sadly. I tried both the options in the security section, including the scary one that sends all your web activity to Google, but still FireFox failed to warn me that I was about to give away precious financial secrets.

Luckily I don’t have an account with Bank of America. Still, the lesson here is that neither browser is magic. There’s a delay between the appearance of a phishing site and its blacklisting. It’s the same problem with anti-virus signatures: default permit is a broken security model. You have been warned.
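The default-permit gap described above, modelled as an added example that is not part of the original post: a blocklist filter allows a new site until its entry arrives, while a default-deny check against the user's own known sites warns at once and also flags the missing SSL. The hostnames, the 30-hour listing delay and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (reserved .example/.test names, not real sites).
# Sites the user really banks with, and the scheme each one is served over.
KNOWN_GOOD = {"bank.example": "https"}

# Blocklist feed as the browser receives it: (hour the entry arrived, host).
# The 30-hour delay is an assumption chosen for the example.
BLOCKLIST_FEED = [(30, "login.bank.example.phish.test")]


def blocklist_verdict(url, hour):
    """Default permit: a host is allowed until a blocklist entry has arrived."""
    host = urlsplit(url).hostname or ""
    listed = any(h == host and arrived <= hour for arrived, h in BLOCKLIST_FEED)
    return "block" if listed else "allow"


def allowlist_verdict(url):
    """Default deny: only a known host over its expected scheme is allowed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    expected_scheme = KNOWN_GOOD.get(host)
    if expected_scheme is None:
        return "warn: not a site you have banked with before"
    if parts.scheme != expected_scheme:
        return "warn: this site is normally served over " + expected_scheme
    return "allow"


def exposure_window(url, first_seen_hour, last_hour):
    """Hours in which the default-permit filter let the URL through."""
    return [h for h in range(first_seen_hour, last_hour + 1)
            if blocklist_verdict(url, h) == "allow"]


if __name__ == "__main__":
    phish = "http://login.bank.example.phish.test/signin"  # constructed URL
    print("blocklist, hour 0 :", blocklist_verdict(phish, 0))
    print("blocklist, hour 30:", blocklist_verdict(phish, 30))
    print("allowlist, any hour:", allowlist_verdict(phish))
    print("hours exposed:", len(exposure_window(phish, 0, 48)))
```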

Incidentally I reported the sites in both browsers. No instant change; but I’ll try the url again later.

PS: see here and here to see how quickly IE7 and Firefox started detecting this fraudulent site.

One thought on “FireFox 2.0, IE7 both fail phishing test”

  1. Please add firefox cookies/bad web sites immunization in next version!
    Firefox 2 cannot reject third party cookies!!!!!!!!
