iPhone 3.1 Safari Fraud Warning: FAIL or WIN?

**Paul Daniel Ash** · 09-12-2009, 08:48 PM

Apple added an anti-phishing feature to Safari in the 3.1 release. Called Fraud Warning (it's in Settings->Safari->Security), the modification was released with little fanfare (or explanation), and it appears that there may be confusion about how it works.

Computerworld reported on two anti-malware researchers who had taken a look at users who had implemented the feature and found it gave inconsistent results with known malicious sites. On Wednesday, Michael Sutton, the vice president of security research at Zscaler told Computerworld "[i]t was blocking nothing." On Thursday, he said, "it started blocking some sites, for some users, but it was inconsistent. Some sites are being blocked, others are not."

Sutton noted that it appeared to be due to the fact that users were getting updates of the blacklist inconsistently. Safari uses Google's SafeBrowsing API, which provides applications access to the blacklist database that Google maintains. Sutton found different versions of the list, or none at all.

Jim Dalrymple at the Loop may have discovered the cause of the inconsistency. He sent a request for more information to Apple after hearing of users' experiences with Fraud Warning, and got the following response:

Safari’s anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren’t any additional data fees. After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone.

It's unclear if the researchers interviewed in the Computerworld piece had set up the iPhones properly. In any regard, the perception of a botched anti-malware measure is damaging in and of itself. Ideally, the details of the process should have been made more transparent from the outset.

Fortunately, those of us who are waiting to upgrade have time to educate ourselves...

**The Maestro** · 09-12-2009, 08:55 PM

We must wait and educate :-P

**JustinPizzle** · 09-12-2009, 09:16 PM

my girlfriend decided it would be a good idea to put her aim screen name and password into a aim phishing site lol

so i got a spam from her giving me the link to the malware, i was on my phone, and nothing poped up. (i wanted to test the "fraud warning") but nothing.

later that night, i gave her a link to a funny picture, she said whats this? i said ill tell you what its not, a phishing site.

ill never let her live that down lol :P

**robbpell** · 09-12-2009, 09:59 PM

it may not be the best but a crappy start is better than nothing right?

**Jahooba** · 09-12-2009, 10:08 PM

People should know by now not to give out their personal information over the internet. Every other commercial on TV is for "Lifelock" or about identity theft. If you don't know by now to be careful you must be living under a rather heavy rock.

**howlett15** · 09-12-2009, 10:10 PM

Originally Posted by The Maestro

We must wait and educate :-P

This is the best 1st response comment i think i have seen on this site... everyone always has to add that they were 1st and usually say something unrelated to the topic but no not you, you came up with a catchy little rhyme, i like rhymes. Thank you

Anyway, good bit of information, i will be sure to do this when i update.

**chemalito** · 09-12-2009, 10:29 PM

Originally Posted by Jahooba

People should know by now not to give out their personal information over the internet. Every other commercial on TV is for "Lifelock" or about identity theft. If you don't know by now to be careful you must be living under a rather heavy rock.

100% Agree

I guess thats the best of the Jailbreak comunity, we wait, and while waiting, the tricks are revealed. Keep waiting and learn!!!

**iphonefreakify** · 09-13-2009, 12:48 AM

well i hope it(3.1) let me jailbreak it, then i'll do the same

**StealthBravo** · 09-13-2009, 12:53 AM

fail

**keysloser** · 09-13-2009, 01:28 AM

Originally Posted by robbpell

it may not be the best but a crappy start is better than nothing right?

I think that pretty much sums the launch of the first iPhone OS...

**dale1v** · 09-13-2009, 04:21 AM

lol, 1.0.x was fun.

**awesomeSlayer** · 09-13-2009, 08:28 AM

Originally Posted by Jahooba

People should know by now not to give out their personal information over the internet. Every other commercial on TV is for "Lifelock" or about identity theft. If you don't know by now to be careful you must be living under a rather heavy rock.

You got that right.

**A_DuB187** · 09-13-2009, 10:36 AM

I'm not sure what to make of this. I want to say it's a fail but who knows.

**e10100** · 09-13-2009, 04:28 PM

This is confusing...

**rwin84** · 09-13-2009, 04:44 PM

At any rate it is an attempt to protect the users of the iphone. Whether or not its 100% perfect its a move in the right direction for the number one used smartphone in the WORLD!

**mdc929** · 09-28-2009, 10:29 AM

Originally Posted by The Maestro

We must wait and educate :-P

Originally Posted by howlett15

This is the best 1st response comment i think i have seen on this site... everyone always has to add that they were 1st and usually say something unrelated to the topic but no not you, you came up with a catchy little rhyme, i like rhymes. Thank you

Anyway, good bit of information, i will be sure to do this when i update.

agreed lol
best 1st response comment ive seen

**leletyM3** · 09-28-2009, 12:54 PM

Not liking that feature!

Thread: iPhone 3.1 Safari Fraud Warning: FAIL or WIN?

LinkBack

Thread Tools

Display

iPhone 3.1 Safari Fraud Warning: FAIL or WIN?

The Following User Says Thank You to The Maestro For This Useful Post:

Posting Permissions