Thoughts from the identity age -- By Phil Libin


Smack web spoofers with SpoofStick

Identity “phishing” and spoofed websites are a big problem for IT security and brand management these days.  There are several heavyweight technical proposals to make it harder for attackers to steal identity information by faking websites and emails, but the problem will continue to grow until the industry coalesces around some standards.  CoreStreet has come up with a simple way for users to detect when they might be on a spoofed website, and we’re making it available for free.  We call it SpoofStick™.

SpoofStick is a small browser extension that prominently displays the domain name of the website you’re currently visiting.  That’s it.  Most current “spoofing” attacks entail tricking a user into following a mislabeled link (like this one, labeled http://www.cnn.com/ but pointing somewhere else) and then hoping that some percentage of visitors won’t decipher the complex URL to figure out that they’re not in Kansas anymore.  SpoofStick makes it easy to foil this type of attack because it shows you only the one piece of information that matters about where you are: the domain the page was actually loaded from.  Like this:

[Screenshot: spoofstick-screen.jpg, the SpoofStick toolbar showing the current domain]

Instead of trying to figure out if this is a real eBay URL:

http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&UsingSSL=0&pUserId=&ru=http%3A%2F%2Fcontact.ebay.com%2Fws1%2FeBayISAPI.dll%3FShowCoreAskSellerQuestion%26requested%3Ddominicsmusic%26de%3Doff%26iid%3D3711129021%26frm%3D284%26acceptcookie%3D0%26loginconfirmed%3D0%26redirect%3D0%26pass%3D%7B_pass_%7D%26userid%3D&pp=pass&co_partnerid=2&pageType=711

Just let SpoofStick do the work for you. 

SpoofStick isn’t a very high-tech, comprehensive solution, but it’s a good start.  The goal was to solve 50% of the problem.  I’m going to install it on my parents’ computer and sleep a bit easier at night.  Instead of learning how to pattern-recognize HTTP syntax, all they’ll have to do is check SpoofStick every time they enter any information into a website.

SpoofStick is currently available in BETA form, and only for Mozilla Firefox.  An IE version is around the corner.  SpoofStick is free and currently unsupported.  Nobody at CoreStreet is responsible if anything bad happens while you’re using SpoofStick – or at most other times, for that matter.  Please email comments or suggestions to spoofstick@corestreet.com.

Download SpoofStick v. 0.04 BETA for Firefox here.

[Thanks to my brother, Mark Ayzenshtat for doing most of the heavy lifting on this release.]

April 5, 2004

Comments

What about a Safari version for us Mac users :)?

Posted by: allan | Apr 6, 2004 10:42:00 AM

That makes so much sense, I can't believe no one ever did it before. Yo, Bill Gates, are you listening?

A recommendation: perhaps you could have the color of the text in your browser bar turn to red when the URL displayed on the address line in the browser does not match the real domain name?

Posted by: Marc | Apr 7, 2004 10:19:04 AM

No immediate plans for a Safari version, although SpoofStick does work well on Firefox running on a Mac.

Posted by: Phil Libin | Apr 7, 2004 11:31:20 PM

"Yo, Bill Gates, are you listening?"
That pretty much shows how serious this solution might be? Not to discredit the creator of this, but usually whenever I see such comments it reminds me of Slashdot and its monkeys. That's really a good way to discredit someone's work.

Posted by: Allan | Apr 8, 2004 6:59:51 PM

Hey, I took it as a compliment. SpoofStick is not supposed to be a “serious” solution - just a simple and reasonably effective one. I figure it solves about 50% of the problem – and it’s free.

Posted by: Phil Libin | Apr 8, 2004 8:55:47 PM

But what about addresses like
http://zdnet.com.com/2100-1105_2-5190209.html ?
SpoofStick says "You're on com.com", but I think people would like to see they are on zdnet.com

Posted by: Martijn | Apr 13, 2004 3:41:24 AM

I just saw that. Need to figure out what the right behavior should be. The question is who is "responsible" for com.com?

Posted by: Phil Libin | Apr 13, 2004 11:39:27 AM

The domain “com.com” is registered to CNET networks, so SpoofStick’s behavior in this case is correct. We could make a special case for this kind of thing, but that smells like security trouble in the long run.

Posted by: Phil Libin | Apr 13, 2004 11:21:12 PM
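The rule the post describes (show only the domain the page really came from) and the com.com case discussed in the comments above, written out as an added example. This is not SpoofStick's own code, which the page does not show; it is Node.js JavaScript built on the standard `URL` parser. The short suffix list, the hosts attacker.example and 192.0.2.10, and the link labels are constructed for illustration and are not from the page.

```javascript
// Added example, not SpoofStick's code: the "which domain do I show?" rule
// as the post and the com.com discussion describe it, for Node.js.
//
// Rule: take the host from the URL and display its registrable part, i.e.
// the last two labels ("ebay.com", "com.com"). Path, query, user@ prefix and
// extra subdomains are ignored, because that is exactly the material a
// phisher pads a link with to hide where it really goes.

// ASSUMPTION (constructed): a tiny list of public suffixes that are two
// labels long, so "www.example.co.uk" displays as "example.co.uk" rather
// than "co.uk". A real implementation would use the full Public Suffix List.
const TWO_LABEL_SUFFIXES = new Set(["co.uk", "org.uk", "com.au", "co.jp"]);

function isIPv4(host) {
  return /^(\d{1,3}\.){3}\d{1,3}$/.test(host);
}

// Returns the domain SpoofStick-style logic would display, or null when the
// string is not an http(s) URL at all.
function displayedDomain(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return null; // not parseable as a URL
  }
  if (!/^https?:$/.test(url.protocol)) return null; // no network host to show

  // url.hostname has already stripped any user@ prefix, port, path and
  // query, and lowercased / punycode-encoded the host, so
  // "http://www.ebay.com@attacker.example/" yields attacker.example.
  const host = url.hostname.replace(/\.$/, "");

  // IP literals have no registrable domain: show them whole.
  if (isIPv4(host) || host.startsWith("[")) return host;

  const labels = host.split(".");
  if (labels.length <= 2) return host;
  const lastTwo = labels.slice(-2).join(".");
  const keep = TWO_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Constructed sample links: `label` is what the link text claims,
// `href` is where the click really goes.
const SAMPLE_LINKS = [
  { label: "http://www.cnn.com/", href: "http://www.cnn.com.attacker.example/news/" },
  { label: "Sign in to eBay", href: "http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&UsingSSL=0&ru=http%3A%2F%2Fcontact.ebay.com%2F" },
  { label: "eBay", href: "http://www.ebay.com@attacker.example/signin" },
  { label: "ZDNet story", href: "http://zdnet.com.com/2100-1105_2-5190209.html" },
  { label: "Your bank", href: "http://192.0.2.10/login" },
];

// One row per link: the claimed label next to what the toolbar would say.
function spoofStickReport(links) {
  return links.map(({ label, href }) => ({ label, youAreOn: displayedDomain(href) }));
}

for (const row of spoofStickReport(SAMPLE_LINKS)) {
  console.log(`${row.label.padEnd(22)} -> You're on ${row.youAreOn}`);
}
```

Two things the sample shows that the post only implies. First, the "last two labels" rule is why zdnet.com.com reads as "You're on com.com": under that rule the owner of com.com is the responsible party, exactly as the comment above says, and special-casing one registrant would be a hole. Second, the same rule is wrong for country suffixes such as .co.uk, where every site would display as "co.uk"; that is why the example carries a suffix list and why a production version needs the full one.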

I first installed SpoofStick about three months ago after reading about it in Smart Computing magazine... I just loved it... Then all of a sudden it was gone... I get the small config icon and that's all... I have add/removed several times with no luck... Any ideas? If you have a suggestion can you send it to jdueme@citlink.net. IE 6, XP Home, 768 MB RAM.

Posted by: Jack | Feb 2, 2005 10:45:06 PM

I agree with Marc's comment: why not use a color code in the address bar? Or a small icon that changes. Going by the screenshot, I would not install it, since it takes up too much of my screen.

Posted by: RB | Feb 9, 2005 7:29:04 AM

I think this is great... I just added it to the toolbar where the address is and it lets me know I'm where I'm supposed to be. Thanks.

Posted by: Mona | Jul 17, 2005 9:12:59 AM

Um... I have tried to go to the download website to get SpoofStick and there seems to be a problem... no website comes up, just the generic page saying it cannot find this site. Any ideas? Is the site down or moved to another URL?

Posted by: RM | Feb 11, 2006 1:59:26 PM

I'm getting the same results Mona. Are they down?

Thanks For Any Replies

Posted by: GB | Feb 18, 2006 6:26:24 PM
