New version of SpoofStick for Firefox
A new version of SpoofStick is out for Firefox. Version 1.05 addresses two of the most common recent user comments:
- Addresses the recently discovered Mozilla "IDN" vulnerability described at http://www.shmoo.com/idn/ .
- SpoofStick is now a draggable, resizable toolbar button.
As always, you can download the latest version from the SpoofStick home page.
We’ve just released a new version of SpoofStick for Internet Explorer (v. 1.02) that addresses a newly discovered IE flaw described by this Secunia advisory. As always, you can download the latest version at the CoreStreet SpoofStick homepage.
The flaw is not present in Firefox, so no update to the Firefox version of SpoofStick is necessary.
For those of you keeping count, we’ve had over 130,000 downloads of SpoofStick since the official release three months ago.
[Update: Oooh, that’s an average of about one download every minute.]
SpoofStick on TV
Other recent SpoofStick coverage is on the CoreStreet SpoofStick homepage.
Washington Post reviews SpoofStick
SpoofStick is reassuring to have around, but it can't replace common-sense skepticism.
This is exactly right. We never intended SpoofStick to be a comprehensive solution for all the possible bad things that can happen while using your computer. SpoofStick is a straightforward tool that does one thing well: it cuts through the clutter of confusing, malicious or mislabeled URLs to tell you what web site you’re actually on. We were trying for simple and useful, and I think that’s what we got.
About 30,000 downloads so far. If anyone’s got suggestions for improvements, I’m all ears. All the other SpoofStick news can be found here.
Latest SpoofStick coverage and version
SpoofStick continues to make a mark on the net. The latest mentions are from Network World, the Kansas City Star, the St. Petersburg Times (the one in Florida, not Russia, but see below) and the Newark Star Ledger. PC World contributing editor Steve Bass gave SpoofStick a good mention in his June 2nd newsletter, but it’s not on-line yet. Steve called me a “forthright” guy, which will have to do until I can upgrade my title to at least “honorable” by getting elected mayor of something.
International mentions of SpoofStick include IT Union in Russian and ITP Technology in Arabic. I can’t read the Arabic article, but it has this screenshot of SpoofStick looking at the "it's only a flesh wound" scene from Monty Python and the Holy Grail. I don’t find this strange at all.
We also released a minor upgrade to the IE version of SpoofStick today. Version 1.01 has the following improvements:
- The installer is signed by an official CoreStreet digital certificate. This is one of those eat-our-own-dogfood type of features since we like to promote certificate use.
- There is a new option in the configuration menu that lets you display the whole hostname of a site, rather than just the domain name.
- The installer will now refuse to install on an operating system earlier than Win2k. I expect this to take care of most of our support requests. We’ll be adding Windows 95, 98 and ME support in an upcoming release.
- SpoofStick will now pop up a warning (often more than one) if it encounters a URL trying to take advantage of the ‘@’ flaw found in unpatched versions of IE. Since this is a well known (and corrected) Microsoft bug, SpoofStick will only issue a warning and reminder to install the latest IE patch.
As always, you can get the latest version of SpoofStick at the CoreStreet SpoofStick home page.
Finally, I have made a ‘SpoofStick’ category on Vastly Important Notes, so you can see all the posts about SpoofStick on one page. Some of you have made snide insinuations about SpoofStick elbowing out all other topics on this blog (I’m looking at you, “gavin”), so I’d like to direct your attention to the diverse bounty of vastly important content in the archives.
The Phisher King
Proving the adage that the simple wheel get the worm (err, that’s not right), the past three days have seen SpoofStick featured in The New York Times, Business Week and The Boston Globe. The Times even included a nice screenshot in the print version. We’ve had to increase our server bandwidth to handle the demand – around 20,000 copies have been downloaded so far.
I’m running dangerously low on “Phish” puns. Do the tech-media community a favor and send some in. Thanks to everyone who’s tried SpoofStick.
SpoofStick 1.0 is here
[Update June 04: If you came directly to this page from Brian’s Buzz, Brian Livingston’s newsletter, welcome! Please see my quick reply to Brian’s comments here. SpoofStick now has its own category where you can see all the latest news and coverage. If you feel like browsing my other articles, here’s the front page.]
The general release version (1.0) of SpoofStick is now available for download for both Internet Explorer and Firefox. The 1.0 version includes a standardized UI across both platforms and a much smaller installer for the IE version.
Many thanks to the over three thousand of you who tried out the beta versions, to the dozens that gave useful feedback, and to the handful of bottom-phishers that harvested the "spoofstick" email address and clogged up my mailbox with pr0n and important information about my eBay account. This last category of people, in particular, reminds me of why we do this.
Thanks also to the bloggers and journalists – amateur and professional – who helped spread the word. I'm especially gratified to see that some of them have screenshots of SpoofStick running on their browsers. It's always good to see proof that your software actually installs.
Here’s some of what the web had to say:
Jon Udell - InfoWorld (screenshot, great write-up and first external mention of SpoofStick!)
Chris Lindquist - CIO.com (nice article, and the title makes SpoofStick sound downright superheroic)
Adam Gaffin - NetworkWorldFusion
Mark Ayzenshtat - Marked for Dearth (also did the programming)
Asa Dotzler - Adot's Notblog* (Asa drives big traffic)
Under The Sun (first Bible quote associated with SpoofStick)
Tara Calishan - ResearchBuzz (helped debug the press release)
Robin Bloor - Bloor Research (SpoofStick made him switch to Firefox from IE)
Nick Codignotto - Primordial Ooze (screenshot)
Mozdev extension room
Chris Walken - talkaboutshareware.com (I'm pretending it's Christopher Walken)
inetinfo (with phish stick joke!)
John Ludwig - a little ludwig goes a long way
beaglebot - linkfilter.net
Of course, nothing can top the comment from Carol Baroudi that I wrote about on May 3rd.
If Wishes Were Phishes
CoreStreet has officially released SpoofStick, a free anti-phishing utility for IE and Firefox today. Here’s the press release and previous discussion on this blog. The quote from Carol Baroudi, super-perceptive author of the multi-million selling Harry Potter The Internet for Dummies books says it all:
“I love SpoofStick,” said Carol Baroudi, CEO of Baroudi Bloor International and author of the Internet for Dummies. “E-mail fraud is on the rise—innocent people are being duped every day—it makes me crazy. SpoofStick lets you see just where you're being taken - in every sense of the word. I want the world to be using SpoofStick. I want everybody using SpoofStick today!”
Some great press and blog coverage so far. I’ll round up the best in the next few days.
There isn’t anything new, so if you’ve got the latest beta versions (0.06), you don’t need to reinstall. Otherwise, download SpoofStick.
SpoofStick for IE is out
SpoofStick for Microsoft Internet Explorer is now available. SpoofStick is a simple, free browser plug-in that helps keep users safe from spoofed websites and “phishing” scams by prominently displaying the actual domain name of whatever site you’re on.
SpoofStick has been available for the Mozilla Firefox browser for the past few weeks and has made a splash in the community. This version should work on IE 6 running on Microsoft Windows XP and 2000. The Firefox version will run on Windows, OS X and Linux.
These are beta versions, and we’d love to get your feedback. Please post your comments here, or send email to “spoofstick AT corestreet DOT com”.
This version (0.05) tweaks the size display settings to make the small size smaller, the large size larger and the medium size more medium. It’s also smarter about handling multiple-name URLs (like https://web.da-us.citibank.com/signin/citifi/scripts/login2/user_setup.jsp) and international domains (like http://www.ox.ac.uk/).
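To make the idea concrete, here is a small sketch of the kind of check described in these posts: reduce a URL to the domain you are actually on, and flag the '@' and IDN cases mentioned in the later releases. This is an added example, not SpoofStick's own code; the function name, the warning labels, the tiny suffix list (a stand-in for the Public Suffix List) and the example-bank and 203.0.113.5 sample URLs are all assumptions made for illustration, and it flags any userinfo before '@' rather than one specific browser bug.

```javascript
// Added example, not SpoofStick source. TWO_LABEL_SUFFIXES is a tiny constructed
// stand-in for the Public Suffix List, just enough for the sample URLs below.
const TWO_LABEL_SUFFIXES = new Set(["ac.uk", "co.uk", "org.uk", "com.au", "co.jp"]);

function inspectUrl(raw) {
  // The WHATWG parser separates userinfo from the host and maps IDN labels to xn-- form.
  const url = new URL(raw);
  const host = url.hostname;
  const warnings = [];

  // Anything before '@' in the authority is userinfo, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    warnings.push("userinfo");
  }

  // IP literals have no domain name to shorten, so show them whole.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
  if (isIp) {
    warnings.push("ip-literal");
    return { host, display: host, warnings };
  }

  // A punycode label means the name contains non-ASCII characters (possible look-alike).
  const labels = host.split(".").filter((label) => label !== "");
  if (labels.some((label) => label.startsWith("xn--"))) {
    warnings.push("idn");
  }

  // Keep three labels for names like ox.ac.uk, otherwise two (citibank.com).
  const lastTwo = labels.slice(-2).join(".");
  const keep = TWO_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return { host, display: labels.slice(-keep).join("."), warnings };
}

// The first two URLs are the ones quoted in the post; the last two are constructed.
const SAMPLES = [
  "https://web.da-us.citibank.com/signin/citifi/scripts/login2/user_setup.jsp",
  "http://www.ox.ac.uk/",
  "http://www.example-bank.com@203.0.113.5/login",
  "http://www.ex\u0430mple.com/", // U+0430 CYRILLIC SMALL LETTER A in place of Latin 'a'
];
for (const sample of SAMPLES) {
  const result = inspectUrl(sample);
  console.log(result.display, result.warnings);
}
```

A real implementation would load the full Public Suffix List instead of the five-entry set used here.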
We’ve gotten some good feedback on SpoofStick in the past couple of days. To answer the most common question: yes, SpoofStick does work on a Mac with Firefox for OS X. Here’s proof:
Although, I thought you Mac users had too many post graduate degrees to be fooled by fake websites.
Thanks for all the feedback, and keep it coming.
Download SpoofStick v. 0.05 BETA for Mozilla Firefox here.