Home > Articles > Locationbar² – an add-on against phishing

Locationbar² - an add-on against phishing

October 19th, 2007
Goto comments

A new add-on for firefox is one that managed to attract a lot more attention than they usually do. The add-on is called Locationbar². What it does is it makes the addresses in the location bar easier to read and understand what they mean.

Let’s say I go to google and search for "pizza" (just because I’m hungry), what I see is:

    http://www.google.lt/search?hl=lt&q=pizza&btnG=Google+Paieška&meta=

When I do the same with Locationbar², I see this:

    www.google.lt   /search?hl=lt&q=pizza&btnG=Google+Paieška&meta=

The subdomain is colored grey, while parts of the domain, "google.com" and "search", are regular black. This helps recognize phishing sites, which have been a big problem recently. Let’s say I go to a phishing site, the first one I saw on the frontpage of phishtank.com. The particular site tries to immitate citibank.com. What I normally see in the location bar is this:

    http://web.da-us.citibank.com.ro.38aca76e087.com/citifi/scripts/login2/error.html

Not too suspicious -  you can see the ".com" after "citibank". What you see with Locationbar² is this:

    web.da-us.citibank.com.ro.388aca76e087.com   /citifi/scripts/login2/error.html

The subdomain, web.da-us.citibank.com.ro. is grey and the actual domain,388aca76e087.com, is black, making it fairly easy to recognize the scam: who could think of "www.38aca76e087.com" as a legitimate site?

My initial worries were that this URL re-working would lead to me having difficulties when copy+pasting addresses, but I was proven wrong: when you float the cursor above the URL, it comes back to normal form.

Even though this is a great and user-friendly feature indeed, there has been some controversy surrounding the add-on, probably the most-pointed-out flaw being that Locationbar is not customizable enough, for example I saw two subsequent posts under a review on mozilla.org, one saying that you should be allowed to disable the percent-encoding-decoding feature and the other one about how you should be allowed to keep ONLY the feature mentioned. Another problem mentioned is the lack of compatibility with other software, such as Well Rounded.

All those minor  setbacks aside, I personally find the add-on fairly useful.

Articles

  1. No comments yet.
  1. No trackbacks yet.