• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • iPhone 3.1 Safari Fraud Warning: FAIL or WIN?


    Apple added an anti-phishing feature to Safari in the 3.1 release. Called Fraud Warning (it's in Settings->Safari->Security), the modification was released with little fanfare (or explanation), and it appears that there may be confusion about how it works.

    Computerworld reported on two anti-malware researchers who had taken a look at users who had implemented the feature and found it gave inconsistent results with known malicious sites. On Wednesday, Michael Sutton, the vice president of security research at Zscaler told Computerworld "[i]t was blocking nothing." On Thursday, he said, "it started blocking some sites, for some users, but it was inconsistent. Some sites are being blocked, others are not."

    Sutton noted that it appeared to be due to the fact that users were getting updates of the blacklist inconsistently. Safari uses Google's SafeBrowsing API, which provides applications access to the blacklist database that Google maintains. Sutton found different versions of the list, or none at all.

    Jim Dalrymple at the Loop may have discovered the cause of the inconsistency. He sent a request for more information to Apple after hearing of users' experiences with Fraud Warning, and got the following response:
    Safariís anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there arenít any additional data fees. After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone.
    It's unclear if the researchers interviewed in the Computerworld piece had set up the iPhones properly. In any regard, the perception of a botched anti-malware measure is damaging in and of itself. Ideally, the details of the process should have been made more transparent from the outset.

    Fortunately, those of us who are waiting to upgrade have time to educate ourselves...
    This article was originally published in forum thread: iPhone 3.1 Safari Fraud Warning: FAIL or WIN? started by Paul Daniel Ash View original post
    Comments 16 Comments
    1. The Maestro's Avatar
      The Maestro -
      We must wait and educate :-P
    1. JustinPizzle's Avatar
      JustinPizzle -
      my girlfriend decided it would be a good idea to put her aim screen name and password into a aim phishing site lol

      so i got a spam from her giving me the link to the malware, i was on my phone, and nothing poped up. (i wanted to test the "fraud warning") but nothing.

      later that night, i gave her a link to a funny picture, she said whats this? i said ill tell you what its not, a phishing site.

      ill never let her live that down lol :P
    1. robbpell's Avatar
      robbpell -
      it may not be the best but a crappy start is better than nothing right?
    1. Jahooba's Avatar
      Jahooba -
      People should know by now not to give out their personal information over the internet. Every other commercial on TV is for "Lifelock" or about identity theft. If you don't know by now to be careful you must be living under a rather heavy rock.
    1. howlett15's Avatar
      howlett15 -
      Quote Originally Posted by The Maestro View Post
      We must wait and educate :-P
      This is the best 1st response comment i think i have seen on this site... everyone always has to add that they were 1st and usually say something unrelated to the topic but no not you, you came up with a catchy little rhyme, i like rhymes. Thank you


      Anyway, good bit of information, i will be sure to do this when i update.
    1. chemalito's Avatar
      chemalito -
      Quote Originally Posted by Jahooba View Post
      People should know by now not to give out their personal information over the internet. Every other commercial on TV is for "Lifelock" or about identity theft. If you don't know by now to be careful you must be living under a rather heavy rock.

      100% Agree

      I guess thats the best of the Jailbreak comunity, we wait, and while waiting, the tricks are revealed. Keep waiting and learn!!!
    1. iphonefreakify's Avatar
      iphonefreakify -
      well i hope it(3.1) let me jailbreak it, then i'll do the same
    1. StealthBravo's Avatar
      StealthBravo -
      fail
    1. keysloser's Avatar
      keysloser -
      Quote Originally Posted by robbpell View Post
      it may not be the best but a crappy start is better than nothing right?
      I think that pretty much sums the launch of the first iPhone OS...
    1. dale1v's Avatar
      dale1v -
      lol, 1.0.x was fun.
    1. awesomeSlayer's Avatar
      awesomeSlayer -
      Quote Originally Posted by Jahooba View Post
      People should know by now not to give out their personal information over the internet. Every other commercial on TV is for "Lifelock" or about identity theft. If you don't know by now to be careful you must be living under a rather heavy rock.
      You got that right.
    1. A_DuB187's Avatar
      A_DuB187 -
      I'm not sure what to make of this. I want to say it's a fail but who knows.
    1. e10100's Avatar
      e10100 -
      This is confusing...
    1. rwin84's Avatar
      rwin84 -
      At any rate it is an attempt to protect the users of the iphone. Whether or not its 100% perfect its a move in the right direction for the number one used smartphone in the WORLD!
    1. mdc929's Avatar
      mdc929 -
      Quote Originally Posted by The Maestro View Post
      We must wait and educate :-P
      Quote Originally Posted by howlett15 View Post
      This is the best 1st response comment i think i have seen on this site... everyone always has to add that they were 1st and usually say something unrelated to the topic but no not you, you came up with a catchy little rhyme, i like rhymes. Thank you


      Anyway, good bit of information, i will be sure to do this when i update.
      agreed lol
      best 1st response comment ive seen
    1. leletyM3's Avatar
      leletyM3 -
      Not liking that feature!