Anti-phishing measures already turning up in Safari 3 builds

[AppleInsider]

Security enhancements that will protect users of Apple Computer's forthcoming Safari 3.0 Web browser from malicious websites have already begun to appear in the latest builds of the company's next-generation Leopard operating system.

According to published reports, the "anti-phishing" features, first described by AppleInsider last week, are accessible to developers testing the latest pre-release distribution of Leopard, build 9A283.

Through interaction with Google's AntiTrust database, Safari 3.0 is able to automatically detecting "phishy" or deceitful website URLs. It then notifies the user via a dialog box, webpage overlay, or a combination of the two.

"This webpage is fraudulent. You should close it immediately," reads a dialog box that pops up in pre-release builds of the browser. "Google has identified this webpage as fraudulent. Do not enter any personal information on this page."

Also new to Leopard in build 9A283 are significant user interface changes to iCal, 3D audio cues in VoiceOver, live*previews*in*print*panels, basic document editing in Preview.app, and the ability to restore groups and subgroups in AddressBook with Time Machine.

Additionally, Apple said Spotlight search technology in the latest builds includes support for *PDF,*HTML,*Web*Archives,*Text, QuickTime movies*and*sound in "Quick Look" view. Time*Machine*snapshots*are*searchable*through*Spot light, the company told developers.

Safari 3.0 anti-phishing measures | Photo credit: TUAW

Meanwhile, iChat in Leopard now allows Spotlight Previews to be streamed in iChat Theater mode and gives users the ability to replace background video effects.

[ View this article at AppleInsider.com ]

[Kickaha]

Cool*beans*love*the*rumors.

[mbaynham]

*notice the integration with google*

i like...

[kim kap sol]

A ridiculous amount of work went into Safari since 10.4. The upgrades to Safari in 10.4 point updates have absolutely nothing to do with what's going on behind the scenes with Webkit or even the upcoming Safari 3.0.

In a way, I wish all (or most of) the Webkit changes will make it into the last update to Safari 2.x.

Safari 3.0 will be a pleasant browser if only because it'll incorporate all the Webkit changes to date...but the anti-phishing feature will be great for unsuspecting users and the new search feature looks great.

[kim kap sol]

Quote:

Originally Posted by mbaynham

*notice the integration with google*

I don't know what kind of contract Apple has with Mapquest but I hope Address Book kicks Mapquest out and makes room for maps.google.

[ecking]

Quote:

Originally Posted by AppleInsider

Meanwhile, iChat in Leopard now allows Spotlight Previews to be streamed in iChat Theater mode

Why? What the hell is the point of showing someone my spotlight search?

[Feynman]

Quote:

Originally Posted by mbaynham

*notice the integration with google*

i like...

It has never really been Apple's style to do that so it wouldn't surprise me if they changed it to "Apple has identified..."

[bluedalmatian]

i wish they'd improve the multithreading in safari.

[Kickaha]

Quote:

Originally Posted by Feynman

It has never really been Apple's style to do that so it wouldn't surprise me if they changed it to "Apple has identified..."

OTOH, Google has a pretty good reputation *outside* the Mac community, so it would likely make the general populace comfortable with it as well. ie, switchers.

[TednDi]

In other news:

Microsoft sucks!

IE 7 has flaws!

http://secunia.com/advisories/22477/

[DeaPeaJay]

Is Inquisitor part of Safari 3 now? Or is that just the dude's safari who took the screenshot?

[reallynotnick]

Man I would come back to Safari if only they would have a extension system like FireFox. I just love too much to customize FireFox to my liking. I have the Safari theme installed on it though so I forget it is some windows open source non Apple App.
FF 2.0 RC3 is just too nice.

[Shookster]

It would be nice if this wasn't integrated into the browser but was a part of the operating system itself to stop other programs accessing those URLs (e.g. spyware). This would make OS X even more secure.

[Kickaha]

I suspect it's in WebKit, in which case, it *will* be in most apps... assuming they use WebKit, which most that need web support do.

[aresee]

Quote:

Originally Posted by Feynman

It has never really been Apple's style to do that so it wouldn't surprise me if they changed it to "Apple has identified..."

Or they can pass the lawsuits on to Google.

[rebel_without_a_pc]

I find it ironic that the pic shows Safari logging into eBay-- seeing as how eBay is the reason that my Dad stopped using Safari; Safari's back button does not load search ebay results correctly because it always starts at the top of the page so you lose your place.

[sjk]

Teach your Dad to use tabs?

[sjk]

Quote:

Originally Posted by kim kap sol

I don't know what kind of contract Apple has with Mapquest but I hope Address Book kicks Mapquest out and makes room for maps.google.

You can already ignore Mapquest by using Brian Toth's Google Maps Plugin for Address Book instead.

[Feynman]

Quote:

Originally Posted by sjk

You can already ignore Mapquest by using Brian Toth's Google Maps Plugin for Address Book instead.

Anyone else wonder where this came from? (look to the left where you see the Notes in yellow and a picture of a map). Is that Apple's very own integration of mapping or a supped up Google Maps?

[Kickaha]

Could be a dropped image... in fact, given that it is a map of a campground, that's my bet.

[Feynman]

Quote:

Originally Posted by Kickaha

Could be a dropped image... in fact, given that it is a map of a campground, that's my bet.

Sure it could be but notice how it just blends in with the default yellow background? No mapping service I know of offers offers that kind of transparency and I don't think it was a CoreImage effect either. Their screenshots for Mac OS X are suppose to appeal to the average user not an Illustrator guru who knows how to make a detailed map for a camping trip...

[walshbj]

It would be bad if they overloaded Preview with features. Its fast load time is one of its primary benefits.

[Louzer]

Woohoo! Anti-phishing tools! Too bad all they do is check a list of bad sites, which, usually, are taken down once they're found out, anyway. Basically, it won't stop people if the site isn't on the 'bad' list yet.

[MacCentric]

Quote:

Originally Posted by Louzer

Woohoo! Anti-phishing tools! Too bad all they do is check a list of bad sites, which, usually, are taken down once they're found out, anyway. Basically, it won't stop people if the site isn't on the 'bad' list yet.

Are you sure? What if they also combined the 'bad' list with a list of known good sites for different companies/websites. I.e. If the site has EBay in it and a sign in and password field, if the url is not http://*.ebay.com flag as possible fraud.

I'm sure they would have no problem getting companies to submit information to the list especially for a company as big and reputable as Google.

[meelash]

Quote:

Originally Posted by rebel_without_a_pc

I find it ironic that the pic shows Safari logging into eBay-- seeing as how eBay is the reason that my Dad stopped using Safari; Safari's back button does not load search ebay results correctly because it always starts at the top of the page so you lose your place.

Works fine for me. And I use it a lot. I assume you're talking about when you search, scroll down to some spot and click on an item then later "back" up to that page? You just have to wait until the page loads completely (the address bar gets unhighlighted) and it will go to the spot you were on before.

[meelash]

What I'm concerned about is false hits. What about sites that are okay and get placed on the list? How do you go about getting "off" the list so people will visit your site again? And if it becomes common to get these kind of messages on sites where there isn't really a danger, than people will get desensitized to the messages. Kind of like the security warnings or the "unsigned drivers" warnings in Windows- nobody actually reads them, they just hit "Okay" automatically when something like that pops up.

I think part of the solution can be that, rather than the kind of message in the screenshot, Safari can just not Autofill the forms on the page and give a message to the effect "Safari did not Autofill the forms because.... etc." and give a confirmation message if the user manually enters some info and hits "Enter".

[matracer]

wow just downloaded inquisitor...this is cool!!!!!! like the black search results pain...mmmmm black gui in leopard me thinks.

http://www.apple.com/downloads/macos...nquisitor.html

[icfireball]

Did the anti-phishing feature get dropped in the release Leopard?

[Dave K.]

Apparently it was dropped from Leopard.

I thought it was a neat idea but it had privacy concerns. Does one really want to send each and every URL they click on to Google?

[icfireball]

Quote:

Originally Posted by Dave K.

Apparently it was dropped from Leopard.

I thought it was a neat idea but it had privacy concerns. Does one really want to send each and every URL they click on to Google?

That didn't stop firefox. The other option was to use a downloaded blacklist that updates twice an hour or something. Besides though, according to the privacy policy, Google doesn't store any info about where the URL came from.

[mdriftmeyer]

Quote:

Originally Posted by icfireball

That didn't stop firefox. The other option was to use a downloaded blacklist that updates twice an hour or something. Besides though, according to the privacy policy, Google doesn't store any info about where the URL came from.

And Telcos don't sell your private contact information even after Congress adds you to a no-call list.

Get used to be backhanded by companies, especially a company like Google whose sole business model centers around information.