Hi, I am experimenting with phishing protection and need someone to give my concept a good kicking around and find out if it breaks.

I wrote some proof-of-concept code which is available here. It should only be used on test systems (no encryption, error checks...yet).
https://addons.mozilla.org/de/firefox/addon/259889/

The Concept:

Simple explanation: If the user is about to send his password to a page he never visited before, he is warned.

Complicated stuff: To reduce FPs (wrong warning every time a password is sent), lots of stuff needs to be done. At the moment, the plugin contains a whitelist, checks the internal password DB of Firefox and uses stored "good sites".

My goal is to reduce confirmation dialogs to max. 1/year for an average user and to be able to identify phishing in a quality where we can just block page loading and notify the user "Phishing blocked".

I need some experienced security guys to play with the idea and give some feedback.

Thanks and have fun!
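A sketch of the check order the post describes (whitelist, Firefox password DB, stored "good sites", otherwise warn), as an added example that is not the add-on's code. The function names and the store layout are hypothetical, and the sample hosts are constructed.

```javascript
// Added example: hypothetical names throughout; not the add-on's code.

// Return the hostname of an http(s) URL (resolved against base), or null.
function hostOf(urlString, base) {
  try {
    const u = new URL(urlString, base);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.hostname.replace(/\.$/, ""); // the URL parser already lower-cases
  } catch (e) {
    return null;
  }
}

// Decide what to do when a form containing a password field is submitted.
// The password travels to the form's action URL, so that host is checked,
// not the host of the page that displays the form.
function checkPasswordSubmit(pageUrl, formAction, store) {
  const target = hostOf(formAction || pageUrl, pageUrl);
  if (target === null) return { action: "warn", reason: "unparsable-target" };
  // Exact host comparison only: a substring or prefix match would let
  // "bank.example.login.test" pass as "bank.example".
  if (store.whitelist.has(target)) return { action: "allow", reason: "whitelist" };
  if (store.savedLoginHosts.has(target)) return { action: "allow", reason: "password-db" };
  if (store.goodSites.has(target)) return { action: "allow", reason: "good-site" };
  return { action: "warn", reason: "never-seen", host: target };
}

// Called after the user confirms the dialog, so a host warns at most once.
function rememberGoodSite(store, host) {
  store.goodSites.add(host);
}

// Constructed sample store standing in for the three sources in the post.
const sampleStore = {
  whitelist: new Set(["accounts.example.org"]),
  savedLoginHosts: new Set(["bank.example"]),
  goodSites: new Set(),
};
```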