Thanks man for using the PhishTest system, that’s really cool. And now here is my really long paragraph about the default phishing filter for all who give a care.

Mozilla took the easy way out with their phishing filter. Why do I say this? Because their phishing filter was really an extension. Seriously. When google started making extensions, they made one called Google SafeBrowsing. This extension made silent requests to google’s database (every 30 min to download a feed like the one big XML data file that phishtank has has [and store the google feed in memory, thus taking more RAM]) and would see if the site is phishing or not. Later, Google Bundled the Extension with their Google Toolbar, and Mozilla desided that they liked Google SafeBrowsing and asked Google to “donate” it to Mozilla. It was later added to the Firefox code in version 2.0.

Yeah, but it all depends on data that is updated every 30 min (however, there is one javascript file in google safebrowsing that suggests that the site can be individually looked up after the url being encoded to what seems 3 times).

It’s best to have two anti-phishing systems as that way you have a fallback if one of them fails to catch a site.

Yeah SiteChecker is like SiteAdvisor but for phishing sites and it’s less obtrusive and big. And it doesn’t natively steal your data (despite what the license currently says [It’s being updated for the new method]).

I just tried one of the random sites which the PhishTankSiteChecker site passes to you, so you can test the widget once it’s installed…

… Now understand, I hadn’t actually installed it at this point…

… And Firefox came up with its own warning:

“Suspected Web Forgery

This page has been reported as a web forgery designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other fraud.

These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust. You can find out more about how Firefox protects you from phishing attacks. [the ‘how Firefox protects you’ is hyperlinked.]

Get me out of here! Ignore this warning [both hyperlinked]”

And below, a small ‘This isn’t a web forgery’ link, which I didn’t click. The ‘how Firefox protects you’ link, however, goes to http://en-us.www.mozilla.com/en-US/firefox/phishing-protection/.

Now, I never even knew that FF2 does this! I still think I’ll install SiteChecker though.

That’s nothing to do with SiteChecker.

If firefox doesn’t handle cookies to your liking, take a look at the CookieSafe extension - it does for cookies what NoScript does for javascript. It has an option to reject third-party cookies.

Please explain