Mozilla Gets A Phishing Fix - InformationWeek
IoT
IoT
News
Commentary
1/24/2005
06:18 AM
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Mozilla Gets A Phishing Fix

Thunderbird, Mozilla's open-source messaging client, hasn't yet won the same giant-killing reputation as its older sibling, Firefox. Recently, a group of developers checked a new feature into the Thunderbird code tree that demonstrates how it could, like Firefox, hit the big time by attracting users who are tired of having their pockets picked every time they go online.

Thunderbird, Mozilla's open-source messaging client, hasn't yet won the same giant-killing reputation as its older sibling, Firefox. Recently, a group of developers checked a new feature into the Thunderbird code tree that demonstrates how it could, like Firefox, hit the big time by attracting users who are tired of having their pockets picked every time they go online.

The feature is a simple but promising phishing detector. Some of the most common phishing scams involve HTML email that displays one URL in the message body but actually takes the user to a different site--one where the scam artist quickly relieves victims of their privacy, their money, or both. The current version of the feature, which is available in some Thunderbird development builds, works when the email body text displays one URL, but the actual URL uses an IP address or a different domain name. If the user clicks on a suspicious link, Thunderbird displays a warning and asks the user for a confirmation before allowing a Web browser to open the link.

This is the developers' first stab at implementing the feature, and as they admit, there's plenty of room for improvement before it appears in a production release. But it's a wonderful idea, and it would be great to see this or something like it implemented in Thunderbird 1.1.

As for the other email clients on the market today, especially Microsoft Outlook, the Thunderbird contributors' work begs the question: Why hasn't anyone else thought of this? Outlook already makes Internet Explorer look like Fort Knox; if the Thunderbird development community keeps thinking like this, it might give more Outlook users--or at least the ones not at the mercy of a corporate IT department--a good reason to switch.

Update (Jan.24, 22:26): One of my colleagues, Don St. John, alerted me to an email client with a working anti-phishing feature. Eudora 6.2 opens a pop-up warning when a user mouses over a suspicious link, and the software requires a confirmation before opening a phishy link. If anyone else knows of products with similar features, let me know, and I'll add them to the list.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll