It looks to me like it doesn't work as well as it claims, though. A
phisher could direct the user via an email to click on a legitimate link
to a proper site - this could be an EULA or something like the GPL. A
second URL could be included in the email below the legitimate URL -
provided the user is instructed not to close his/her browser, and
provided they abide by this instruction, they may be at risk of being
exposed to a phishing site even though the site is genuine according to
the Netcraft toolbar. I am unsure whether it is because of non-standard
ports, because the name is hosted by DynDNS, or both - but this really
is a huge potential flaw in the toolbar.

These images are screenshots of the TB running in FF 1.0.4 on XP SP2.

This one (http://members.shaw.ca/hruodperht/pp1.png) shows me surfing
Microsoft, the legitimate URL in this example. This URL can be replaced
by any legitimate URL.

This one (http://members.shaw.ca/hruodperht/pp2.png) shows me visiting a
server using DynDNS and a non-standard HTTP port.

This one (http://members.shaw.ca/hruodperht/pp3.png) shows the same
DynDNS server after a 5 second redirect.

As you can see, all the while the toolbar is showing that it is on a
site hosted by Microsoft, which is nowhere near the case.

I have reported this error to Netcraft, and have not received any
response from them.

Doesn't this flaw give the end user a false sense of security? Thinking
the Netcraft bar or any other form of security software is the be-all
and end-all against system breaches is more like fodder for the fire.

Hruod
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security

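The sequence in the post (a legitimate page, then a second link to a dynamic-DNS host on a non-standard port, followed by a timed redirect) can be reduced to a handful of signals that a site-identity check could compare against what a toolbar is displaying. The following is an added example, not code from the poster and not how the Netcraft toolbar itself works. The hostnames, the HTML and the list of dynamic-DNS suffixes are constructed for illustration; a real check would use a maintained suffix list.

```python
import re
from urllib.parse import urlparse

# Illustrative dynamic-DNS suffixes (constructed, not a complete list).
DYNAMIC_DNS_SUFFIXES = ("dyndns.org", "no-ip.org")

# Default ports; anything else on these schemes counts as non-standard.
STANDARD_PORTS = {"http": 80, "https": 443}

# Matches <meta http-equiv="refresh" content="N; url=...">, as used for
# timed client-side redirects.
META_REFRESH_RE = re.compile(
    r'<meta[^>]*http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']?\s*(\d+)\s*;\s*url\s*=\s*([^"\'>\s]+)',
    re.IGNORECASE,
)


def meta_refresh_target(html):
    """Return (delay_seconds, target_url) for a meta refresh, or None."""
    m = META_REFRESH_RE.search(html)
    if not m:
        return None
    return int(m.group(1)), m.group(2)


def is_nonstandard_port(url):
    """True if the URL names a port other than the scheme's default."""
    p = urlparse(url)
    return p.port is not None and p.port != STANDARD_PORTS.get(p.scheme)


def is_dynamic_dns(host):
    """True if the host sits under one of the known dynamic-DNS suffixes."""
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def assess_navigation(displayed_host, visited_urls, final_html=""):
    """Compare what a site-identity toolbar claims with where the browser is.

    displayed_host: the host the toolbar is currently showing.
    visited_urls:   URLs loaded in this tab, in order; the last is current.
    final_html:     body of the current page, checked for a timed refresh.
    Returns a list of (code, detail) findings; an empty list means nothing
    in this chain looked suspicious.
    """
    findings = []
    current = urlparse(visited_urls[-1])
    current_host = (current.hostname or "").lower()

    # The core of the reported flaw: the toolbar still shows the first site
    # while the browser has moved on to another host entirely.
    if current_host != displayed_host.lower():
        findings.append(("host-mismatch",
                         f"toolbar shows {displayed_host}, browser is on {current.hostname}"))

    for url in visited_urls:
        p = urlparse(url)
        if is_nonstandard_port(url):
            findings.append(("nonstandard-port", f"{url} uses port {p.port}"))
        if is_dynamic_dns(p.hostname):
            findings.append(("dynamic-dns", f"{p.hostname} is a dynamic-DNS name"))

    refresh = meta_refresh_target(final_html)
    if refresh:
        delay, target = refresh
        findings.append(("meta-refresh", f"page redirects to {target} after {delay}s"))
    return findings


# Constructed sample reproducing the post's sequence: legitimate page first,
# then a dynamic-DNS host on port 8080 that refreshes to another page after 5s.
SAMPLE_DISPLAYED_HOST = "www.microsoft.com"
SAMPLE_VISITED = [
    "http://www.microsoft.com/",
    "http://phish-example.dyndns.org:8080/",
]
SAMPLE_HTML = (
    '<html><head><meta http-equiv="refresh" '
    'content="5; url=http://phish-example.dyndns.org:8080/login.html">'
    '</head><body>Please wait...</body></html>'
)

if __name__ == "__main__":
    for code, detail in assess_navigation(SAMPLE_DISPLAYED_HOST, SAMPLE_VISITED, SAMPLE_HTML):
        print(f"[{code}] {detail}")
```

Run as a script it prints one line per finding for the constructed sample; feeding it the legitimate URL alone, with the toolbar showing that same host, yields no findings. The host-mismatch check is the one that matters for the post's complaint: the port and dynamic-DNS signals are only hints, while a displayed host that differs from the host actually loaded is exactly what a site-identity toolbar exists to prevent.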