|
|
|
Audit Clears MS Phishing Filter as Privacy Risk
By: Ryan Naraine
2006-05-10
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
A third-party audit conducted by Jefferson Wells confirms that Microsoft's anti-phishing technology built into IE7 and the MSN Toolbar does not present a risk to user privacy.A third-party audit of the new phishing filter built into the Internet Explorer 7 browser and the MSN Toolbar has given the technology a thumbs up on the sensitive issue of user privacy.
Jefferson Wells International, an IT auditing group, has validated Microsofts assurances that the phishing filter does not transmit any personally identifiable information without explicit user consent and that any URL information sent from the users browser cannot be traced back to the surfers personal information.
The privacy thumbs up is a boost to Microsofts mission to market IE 7 as a major security overhaul with features to thwart identity theft and drive-by spyware and Trojan installations.
Microsoft has long insisted the technology does not present a risk to user privacy, but because it uses a mechanism that transmits data to a Microsoft Web service for authentication checks, the company felt the need to call in third-party auditors to verify its claims.
"We gave [the auditors] in-depth access to the technology and to the engineering team. After they studied the technology and interviewed the engineering team, they agreed that the claims we made about protecting your privacy are true and accurate," said Rob Franco, lead program manager for IE security at Microsoft.
In a blog entry announcing the audit results, Franco said Microsoft will repeat the audit periodically so that even if the service changes in some way, surfers will still have proof that the Web service protects user privacy.
In the MSN Toolbar implementation, an IE user that is tricked into visiting a known phishing scam site will be automatically blocked from entering personal information on the site. This is done via a client-side whitelist that stores phishing site data.
In IE 7, when the filter is turned on, every URL a user visits that is not on the client-side whitelist is transmitted to Microsofts servers to be checked. In the tool bar add-in, the service serves as an "early warning system" for suspicious Web sites and will provide two levels of color-coded warnings.
 Ziff Davis Media eSeminars invite: Join us on May 11 at 2 p.m. ET to learn critical best practices for e-mail and instant messaging applications, including tips on "hygiene" from Gartner.
Details on how the data is transmitted is not known, but according to the audit by Jefferson Wells, HTTP and HTTP Secure URLs transmitted for rating by the Phishing Filter client are limited to the domain and path only. "All other information in the URL is stripped," company officials said.
The auditors confirmed that the phishing filter client only transmits URLs when the user wants to manually provide feedback on a URL, when the URL is not found in the Phishing Filter local data files, or when the phishing filter client heuristics determine a site as suspicious.
Transmission of any and all URL information by the Phishing Filter client is over
SSL on the Internet, Jefferson Wells officials said.
 Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}ks6*�Q3{L=RJ64ԭRQ$$1H.I�˩'o�҃ldĶD�
th4���I"�nZΔ\saS?wQ@
Y>'w>{�g͂()o��1m�n�f],� _h���oL|N�x � tjOt0.Qk:�Z575ק4o/N~e0S�-:II>)6�j��9iݑ |i @I>R(Ñh]
](
Ѽ��e�}N'�J;�ߣWn�spSa_ʞ0�IYTb{�Aq2�5��;n3�w2`~�|%�k`T�xxHƶk�MmWW�*cOfn
m`㥨��aP`\�9t}�t#wJ;uy�'-�r'�f�]x#@oڮ�SVHf&ܲ;o� tG
oMb�u�ק&�X!
b�S�3Mu��Β_GBS Ig�K[a���V�#vRA'�ס"�g�ml_k|�uv�<$�~3�CoZeNDj%o�~�cn!Lj�Z�Ef>4�ؗCY͢.`F3l˸-:4
HS+VWR\m(Ƒr_�ӽ�lY~u��LqD18�,]evr`\\�oo:jj#1�ßR72TT�r[T�Qn�řl�:2X�
jXR7D_aQ��|�A`&:9�>SZ̛cqRO#Gs�>H2胎6mb8�-ֹ�"�
,70}HwHqI�4 Ix�٭�.lE%_�¤�<�9
fAk�i$�>6(Z\?`S
V�,C@B뎂9��{�ޚC�"�Qޚб4�a���q�j 8=�*~���=���{`� ���tǖ
&��SsaPB�<�JdN˵�K�}*@&>HHBt�"AђF��)�4� �g�cX"K"'ǏAo$odw$]Vi+RaD4�T*nO�u$]SwV*�2ڹLX)gQY,p[/)�͙J2d0u Q=b`&�Qea*0pRx5Qn-`oʑ5utDބdb��,a��C�t�H{la ��[T'$:'4$a.*dyJ0s��{"����7,kQ��χ�_V̚�=Q�] �kG2iB7��ƙeH|��B3} H8{luV<ۢfa* ,q[r�ׁ�fX8oȣ�=p
�TfЬr|�Y۶ۿh
|T&](\u�I�J&��k:HY3�j-yrD�rm
�־�O7�\EYbꁦq�H1g0dz?;V@q=1s�7R�tZ�C+>q^i:[@�Oe{kfTIn^ӛAr ~ޮ�R[k�ҁY�%��9&ۊxceƠ�umLGe+-m"��
IHf�(XKke�zlx8$&lU6L�E?
7FG=����0�R5J�Ȕm0+Ւ9,W�fn
����(��)r?\-j5��3XS:h�M>{ŧ!�C��/|��7��S�>�5
< ĉσ\׃RUaT$j]?�5SXe;;pMbA
�>ES-cB�L;$!O_'%Ex>�5ᚉ�1$o':!#D�E�~H��'�<\VaQ3Ɩ}4F�XXo�H]-'L͎�ƆR)ψP^Cs�2KTNj�Z|jGVQ=/YQwS��f��a
��"��S+0��j�7�p�e��ƁlݤS*'Ș-qVcY=��w7亢#ÏnR
wU�����tT#��C�Wt��a���X�]Q�iSڋ=-R�x�sm?WN_9b����:x�cqey�@8pᄙ@FSS؇dm/RkK*~e/M"XͿ8+C�b�QL�i^{p���)J;pL�j�� %J��x�+s�JbO�W2ETed�߆�Qy�Ϥ^[=� |b�Hp�FLk �0RKI�l�7xv@̬�1@:e۴s:i&2106E�-0P>\մJ
ߗ,09_�W>|6u8YWۄ�`,K7*u086�� LB1l�Oa*r1�_�J��[Lߴ'�@V1`{�7�=�;'�[�(4ϷQ��X9)6>a�(Z56Xk�<���v?)%\$*L3siS(j L:H$Ut�",#?�sy>�?UU�{My�R�̚,+A�jm>a,0r6n\X��^1S�2I*"EdR�8NY��XLjj_Ź�Z�kRWGF��/`"U!T�P�>xS_7)~(zC9km��u�a>�T�U]~T7mFRV�%~͋iI#Ǹ"ZAY_Mkɒ8��hs)p
/B0_\PF.^�l`^�ASV<^��ے#tK�7A(6�=B3tMnio�.ڗ���2�aI3M%�`
{iO,���3�#nƭj*\%T/IjEt�n:0n�ȔOYD[��A�:J&rOf�ss����``On{ܝ9�0�F4I[jYʠ5�ZV-�}'0��Y 8Z�rV�S�"YKrv�zJ��GrF2x�e�\x�O+�tS�N1ǷWX�\���tK�O%EDOC�Vi%�gX&�JU�f4A<8&o{W���Z]{��E D@D;n?%
?�S-l8-F�:~�ݕDw�{tO燤}P:k�� ��?�N�ٿ�n00�N0�0+V�H�LЇ_i�rD`Sk0.[�ltJj2�m&A)��xdQL�?jnW۫it0lg�a�hy# @4Qp 8I͏�eGJ:7_;�z��܉�, YG#�B\t 獦�
�Ak;d4)(�3~��0<㵑a3gDHۀ�h`�i3��N/Ns>\zA_j,8Eψa6�F4ڇ3kޚ�(
V�`!��1t|PV#� (ʑ�=`=����`
)>�\b/$��B�0F�_Th�)W4fu�Sxv9_9S�%j7"E'JN�AN�[ҷoDWs7�O|E�xW(���x,�VfsF;/��1?;)}�@O��N9]�~D�!g�Í7���E�٦�;7df&ubNL5�W"v=O[�?G0��cbQ�(S1|�$�zfeanKl�x8g%R蔈'='C8
z>RB'Դ
˓4/iY(eqjhd�ꒈ~�~(i&'ءؠ�۳��\/'8{�H�p.+R{sX`��M`l)ZQ!|�Nr
a=i_D�`e>R%;yQb}�b%h4eW&Bzc'��?<��'|'x1� �({GNF&ܱ
O�H1DL:n{��WT@(NEVuk7;�-,'�:]@�F�_�zϜGoYM2�1?);�3>^Y #�}�DK�,i�;�;��_彠P.Vp9c�|w=��lҿǥ·rt O.CҾ�vI�09J dj�BwOH4b5yÿ뢧 � �r;k_=#g䢅q+ɛޠj*=Yh�Gt?�Ko{ѧ}e��4�7tRT�sd{i6$B�UU+j�ۻ�A\8%r +wr62�Ӣ� �@7Yu��d3D?�yeВ11>onR;-�4z#x%( !AsI�U~�(�;_aO"J麇\%��(�]MZY|Hז%0)7uLvHa~M�sKXr�tx0F�s�cy�Ù�X)�[�3҄�)㞪*eطiC;$�vCv���t�.:�C�ta��~(,1pS+(Y5XL4@gɒ�9pE:�`yf/��`��Z9���J&oR'&�Κ J̗�OyMY�q�u|KCwdkB{�e�x�s�9M�NS6|p,uYD^d>��ԎC;ۊS;-g9jbb({,L^;n6r-X,Wx�T"tIJ]y�$R7h⪒Xa��V�:yM�)
gR�|YVK+%g6NcHoTjq.�P�X|X�9I�
~>"b�dbI8.ÆC��ȺMpd��=g+,U֦�\�4f5%�q�So2/�.oǡpעI�~"=ڌh,+��:Fl�<'W'�^o64�JNR�*'o�o9�S�Պt�S�.Cd%Gve�ɰ\ �qq�tI�0P:K\�7���8�H`�ƣtm�:P�Ep`" <ހDD�x�-8DaGhJi�h+�+^6.�x�*)�IUަ�p|J3|w(E^0�V�c+:C�U*@J%~g8'���?+�ux>���'k=N�ѐTU*2D��(�cJ1J�ʷM3Nhy|a��mۑjzF�=t9P!14�B"p,���RQ3�gS5C�;`]5K�˶T(&�(#]m<�/OzT�?IU%X5_7�tԋ52.!Zt�K&[p!�Ü$w�K�:i��^
j$u���F+Uy%p^}{m`_<:o?J7΅}>��7Ar�@�"��a0
�H�b]�]g�UR˛�pws9&78D}�y-.,>:UQ˥��!�ם|{�iKWgi%$4�}�j�{$�kQn4ʵ҄zM1e!
���s.�lD-A�-�[<�Lf1^L׀%'[%Nܹ`vk[:d o)#{*.`).Bx
m^QSiťjZ7a ��a��D%�,~%T]&LUdҫ/�x!bHMl.HLT�0VŃN+p�+րu��R0X tz40\j-���|73Uʣ��9^��0LATH�GqmjN��ףQ<&K�ʫ�A�Q<2'�c0Ϩ#
0��;m1"�i0s�)UR{C�Oo�4U!6;kYm���ݭplm֗v$$)u66MĮþp�,٩VLg0� �C�@RJ��� H�
��Z �%@�R
C�ro[E?j7nHws4s$�سх;uGʃV)��ݱiְQ~�9'ɹ9g�zm)|M�\!W{ЍK ߁Bt>�]/űv�1k~�q^D;6;7o*vjsc�o3u#�A۶Vx{�ŷi�c�Wul>#
/3�5y0�msm-6bVܽ+敲DE
-__��]&ɛ��@m5�Aɼ#�l$5Vfؐ'j%M"q0M_),✉fam�Of�%�_��vH5R�[
"KD"�+)z�^&=_}DŽ�|JMs-�E-~B#V�̮K{~i[�,c}ߒ`'�2�m/N�ړݔYİO[�X�ъÑBu}�ų�TQ�|s��vEt9jq�v{1k�{X0�&�@�grp�я"-pq�h���S�⯠œgV?q7|J��xbj9�fBMw
�n J�#(9?C�*�O2ūOXl�p�ì�f0u1ۿP'}fɷgw1^�cvU2S�ȏҟ`J~/4`=�u'<~/V"�&آc>ybugJ�ɤ�Q?(p���g{T@=Nk �\nv�O, =�Q`�Uňk/('>?�w*-&5>YG �K^b�,\���VM!�Aa{Ұ@g0�a��B6��w�}�9Dqx�vuNz@��+J]E��a�!/(�/Ȯ~�aI{Ž1&{Ϙ$�9�OI}͛xK� �+բP�~HZ�C �O��]�c)i��Ň�q��K&5\Iee3-�u{�(\2ΙTh,ZNt�Pĥ��c.ѝZMi%���`KZk�^g�YJ+Șz�<�Қ0&>�OE�U6'�a|Q�[|@*VH5i���7_֠�)|9}aZ˚bfē
^�v5�$OzYC송vn&�)kx�zJ2Kov�O�%٫35|0�,ɪ+>vԘܹh
p��:Ʋbr�/%q!.,�gc�0/';O`^hR�`L�qX*l �L�f�Zs~4�F:<Q-DJ)!7v,09́0���ǖCawUKpjY\TSWK'I0{j)�,�Gq5aw�ᷭ���kb$9)a��i7t�]k�t+��>K��[GP]'9@cL:F�s �ʒ�lfmmEUk)ַ�g%.0,%n�'3�#9�ݱ��X�0��dQq��߷�~m�>9`Vm$MZ�w�\S=@%�K��.&ڰ�bD))l3윶ACDטP�X��gg��n�yVmIz�.�kx�>a�
)U�(O5�U�UHD8A� �pf�~)1}�VL&`�Cqq�t�7%Z;P[�ٓ�8FF_
�6e^fGZI)MG)1}o ;cb31s>=��Z>��go|v3�Z�9q�.6&o��Cu&Yq�܄q�P��b�:�!_v
ȤRŻ�`Nj__לk(\~�NmS>\~
48䔟@3Y�}C�([hw7wO�iN9?t/sʡݜ2(~�O/�E�|Z��{���ˡo�ˡO��g�ß(9_~9P~S7([Ny�{909{ s#?0~9ׇs�?}/�r�q�WP*5u���A���o@?6�_�c^91�@9rߛ�orڿ�\'I9�s}�S)�Ju/*苼5rXB]7%{'sg+�I4��]a_[k+/Y;ᘴ[˺�rH+ȣ�_�K^浽$<$x�E£B+�g�ٔ�@#X{#uO'NW6#�ﹺKd^)WsU}Ӊ{ZŚ/�Yy:�qLkj�ȁ>�kvG"X�
ʽq>e)c�AR-c�#]q�8%���(G.�v�)�n7�pK|���SG0V;|*ţu>�xZLܸʒpoQ^"
#�"5 -'`<[`?�Z�n�am��'4`t/��{,�daSe�'�Xs/Us
!Qa0
�H=���ŁS�
;wMm=�$
9jhN_iR'sn �M]w
�n��&)xT-kZYoZԪ俒k$2������z@�L)KMjJUN��lժJR�L�3B��/(�@#غM{%}C7":fȳRLq�
�u+�J�!'\C�xO�өw�;fSdW2�dy3K aw8cokx;r$�I �Y8P&`)��؞.F^-Ƭ$�*�w� X`9ǤK�4l!%bn�1v��u¿�.г9,p&�ӄ�wY!Dۼ��x�4@�;4�Tr(9�?g��b�+s��`3b"�9�oٔ^^gC��΅*˗ X62�3�8�luy5o2��\4w[v|+�X<�ap[�b2� �B�Lw(u�/��x�&נ1�ΐ(�$2�çn3E ��a��m
:�И�Y�C�ɱ�(�
�kDF( �If�]�rw^w@P~��-߾
]h�P3xX:�20t�gG�|ם�Hچ뺺�wfhɯ
R�O^�!��M�O�-$
�fB~nےzTǓxO���d⟒'N*M�0O�2#0�g M̮kfAj?��r��z��s2x�Lx �E% ?/xv�/�G�&�lm�1`=G(Q�O�K:;s3U9֒�_./gw�;K{K9[(�(&�]�a1Jqi:ȥIG�*�9"%
oPm��<%����*`>=.�X&";�>m�<'.}Nu;I' �"@2drt�Pŗ�;׳9�
Mm'#8�"�>ؾ�mQF��ϟpml�.�;
+C�&bz:SA\W��(9|�d@NlMˬljNīc� :۳|�?��O�Ge Lt<^B/7QgJ��B /ɮx*��@WD0;"�����ys�KE�&(Xp\gA6Ιَz!w>G-]�X��xk�͜'K@0mѵ@Y�mw0o1`��/#}^&S`H{!]R>ǔ+�
]'[ۧ3�й?-R7/��d�e;͌�_��{��QFb�݊s�h݆G��O0ޏq۷�PV�|@��xS�a�r=c:psz26
��v�Qm`#xaW�Ai`P,�l�p/>S�wOp�`2[﮳~�N϶p2$Ӿ82��"�$$zo,�Ma4,Lb5��"[]'QI�8`R�vX�3��"@a)5~d�n�~3�f<�4W�6AĶq��ytʵ-���ˉ=�F�/m.^s6٭Û+[TcdX$_֬�LE"�)40�OΊ�=� z�Bk|F�XK�]s!&t̵a}ar8Lt4Qs|�J9Km)胇�Ƚoz�`Z��]x�
Ϭ10YdW�PэY�-f�1%Dv$8ґCC^BTf�Ʋ��"7cP!X�]-nB@:S ��.x C��,$��ˋ�}P�cyx ŧ$�NSM1}��әf�_yfȅ�0,#6|�N�n0tY�kh
?X�Yr({O<|;�X�yt(1ډ']f*FRq�OR|?��)>_�ol-/=nT^Q�)Z�i'�AHc]OO/e={`o����g�>p7*O�Ѡ,jU
z' 4mEgl3��W'
\/mu;Ǎo=��F駰e9VU>\J�RSk45Z�ϦO*L���kq�>lgLp�-�ϱeRZ`l/Z?-&��
|
Network Security & Hardware 
