PDA

View Full Version : Mobile Safari Anti-Phishing Feature Criticized As Being Inconsistent




MacRumors
Sep 10, 2009, 09:13 PM
http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com/iphone/2009/09/10/mobile-safari-anti-phishing-feature-criticized-as-being-inconsistent/)

As part of the iPhone/iPod Touch 3.1 Software update (http://www.macrumors.com/2009/09/09/apple-releases-iphone-os-3-1-for-iphone-and-ipod-touch/) released yesterday during Apple's rock and roll event (http://www.macrumors.com/2009/09/09/live-coverage-of-its-only-rock-and-roll-media-event/), Mobile Safari gained anticipated anti-phishing features currently present in its desktop version (http://www.macrumors.com/2008/11/13/apple-releases-safari-3-2-with-improved-security-anti-phishing/). However, security firm Intego is criticizing the feature's inconsistency as being worse than if the feature hadn't been included at all (http://blog.intego.com/2009/09/10/apple-adds-safari-anti-phishing-feature-that-doesnt-work-to-iphone/).

We’ve had a number of people test [the anti-phishing feature], and some people get warnings for sites that others can load just fine. We’ve tried isolating locations, iPhone/iPod touch models, and whether they are connecting over a cell network or via wifi, but all we’ve come up with is that sometimes it works and sometimes it doesn’t. This is clearly more dangerous than no protection at all, because if users think they are protected, they are less careful about which links they click.

The desktop version of Safari uses Google's Safe Browsing API (http://code.google.com/apis/safebrowsing/). It's unclear what technology the Mobile Safari browser uses and what the exact reason is for the inconsistent results, however Intego as well as other researchers (http://research.zscaler.com/2009/09/watered-down-phishing-protection-in.html) promise to continue to investigate the issue.

Article Link: Mobile Safari Anti-Phishing Feature Criticized As Being Inconsistent (http://www.macrumors.com/iphone/2009/09/10/mobile-safari-anti-phishing-feature-criticized-as-being-inconsistent/)



SFStateStudent
Sep 10, 2009, 09:30 PM
I'm on that bus....:eek:

spillproof
Sep 10, 2009, 09:47 PM
This not like Apple. I just checked my bank accounts today! I could be flat broke right now and I wouldn't even know it!

Zimmer62943
Sep 10, 2009, 10:17 PM
whinge bloody whinge, im sure if theres a problem apple will be on it soon

carmenodie
Sep 10, 2009, 11:49 PM
in the bigger scheme of things don't blame apple blame the SOBS that are trying day and night to get your personnel information. And for the record, apple never said the Mac couldn't get viruses. Never! It has been the overzealous apple community touting that BS and getting all them apple converts all hyped up. Now some of the converts are questioning their decision to go apple. Meh!

macduke
Sep 11, 2009, 12:10 AM
This not like Apple. I just checked my bank accounts today! I could be flat broke right now and I wouldn't even know it!

You must be joking, but in case you aren't, here goes:

Say you have accounts at US Bank. If you go to usbank.com, you will not have any problems. If you get an email saying it's from your bank and it's not, and you click a link which opens into a website that is not your bank, then you would have to be an idiot to enter your personal information.

Bottom line: don't be a fool. This feature is only for morons. If you use your bookmark for your bank's website, or even type it in manually, there is no reason to need the anti-phishing measures.

spillproof
Sep 11, 2009, 12:25 AM
You must be joking, but in case you aren't, here goes:

haha yes, to an extent. As I just did a reset and lost all my bookmarks, I had to manually typed the url in today over my school's non-encrypted wifi network, then register the "new computer" to my account.

centauratlas
Sep 11, 2009, 04:00 AM
I agree. Those SOBS at the IRS (or HMRC/Inland Rev etc) are always trying to get my personal info and my money. ;-)

Safari didn't throw up a warning for all those .gov sites.


in the bigger scheme of things don't blame apple blame the SOBS that are trying day and night to get your personnel information.

wackymacky
Sep 11, 2009, 04:43 AM
Given that most people know that they should type url's fir their banks etc rather than clicking on links, I'm not sure how bigger problem this is.

longofest
Sep 11, 2009, 08:38 AM
It's best just to be aware. Better for the user to be aware that the feature isn't working properly so they shouldn't rely on it.

Doctor Q
Sep 11, 2009, 01:44 PM
I don't think I'd turn complacent just because a non-foolproof feature was assisting me in being careful, as a convenience. This kind of feature can't be foolproof anyway.

Kevster89
Sep 22, 2009, 11:57 PM
You must be joking, but in case you aren't, here goes:

Say you have accounts at US Bank. If you go to usbank.com, you will not have any problems. If you get an email saying it's from your bank and it's not, and you click a link which opens into a website that is not your bank, then you would have to be an idiot to enter your personal information.

Bottom line: don't be a fool. This feature is only for morons. If you use your bookmark for your bank's website, or even type it in manually, there is no reason to need the anti-phishing measures.

^x2

People have their identity and financial records stolen mainly because of stupid decisions like actually believing emails that say "Your account has been temporarily deactivated and we need your credit card number and SSN to reactivate it."

I have gotten this kind of email many times and it always makes me wonder how many people received the same exact email and actually fell for the scheme...

Be smart - rely on common sense, not on a newly implemented anti-phishing feature