[cap-talk] Browser upgrades - the good, the bad, and the
ugly
Jed at Webstart
donnelley1 at webstart.com
Mon Feb 6 20:38:09 EST 2006
At 04:56 PM 2/6/2006, Sandro Magi wrote:
>Jed Donnelley wrote:
>>Cap-talk:
>>I just went through the exercise of updating my version of Firefox
>>to 1.5.0.1. That upgrade went quite smoothly. I was happy to
>>notice that, while the old Petname Toolbar that I had wasn't
>>compatible with the new Firefox version, it automatically detected
>>the incompatibility, asked me if I wanted it to look for a new
>>version, found the new version and installed it automatically as
>>part of the upgrade process. Nice!
>>*Good!
>>*On the other hand, partly as a matter of protection I installed
>>the new Internet Explorer version 7 Beta 2.
>>1. As soon as you start up the new IE they recommend that you
>>"Turn on automatic Phishing Filter", and they say, "Some website
>>addresses will be sent to Microsoft to be checked. Information
>>received will not be used to personally identify you."
>>Not to identify me perhaps, but I can well imagine that such
>>information could be useful for many commercial purposes.
>>Does anybody have any idea why they feel they need to collect
>>website addresses (I assume they are referring to DNS names or
>>perhaps whole URLs?) to "filter" phishing?
>
>See this recent discussion Tyler and I had on this, and the changes
>he made to the Waterken server to avoid sending YURLs to Microsoft:
>
>http://sourceforge.net/mailarchive/forum.php?thread_id=9603076&forum_id=45064
>
>Tyler mentions in the above link, that the Google anti-phishing
>toolbar is even worse in this regard.
>
>Sandro
Thanks Sandro. This link from the above thread:
http://blogs.msdn.com/ie/archive/2005/09/09/463204.aspx
explains quite a bit about their implementation. When it comes to:
"Once a request has been submitted it is reevaluated by the Phishing
Filter team. Based on the reevaluation,
the site will either be removed from the list or left as it is."
it appears that Microsoft is getting into the computer security
business by way of IE.
Also it appears that the warning screen that they set up for
suspected phishing sites
is the same one they are using for sites signed by unknown
certificate authorities.
That may be why it looks as nasty as it does.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list