What's new in v1.16.7?
• Email prompt in the popup is now hidden if a valid email has already been configured
• Reduced possible causes of false positives with credential leak detection
• Fixed compatibility with some sites
• Fixed crash when visiting some sites
• Protection against phishing sites — The Netcraft anti-phishing community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community. As soon as the first recipients of a phishing mail report it, we can block it for all users of the extension providing an additional level of protection from Phishing. Netcraft processes reports of fraudulent URLs from a diverse variety of sources and proactively searches for new fraudulent sites.
• Credential leak detection – Even if you come across a shopping site skimmer that Netcraft has not yet detected, the extension can still work to protect your card details. Credential leak detection inspects outgoing requests on the fly, blocking them if they carry your sensitive data to potentially malicious external domains. The compromised site is then blocked and reported to Netcraft.
• Detailed site reports – simply click the Netcraft logo to access a wealth of information about the sites you visit, helping you to make informed choices about their safety.
• Risk Ratings – we evaluate the characteristics of the site and compare these against those depicted by fraudulent sites. The result is a simple visual summary displayed on the site report.
• Conveniently report suspected phishing & fraudulent sites – At the click of the button you can report suspected web forgeries to Netcraft, helping to protect the community. Netcraft operates an incentive scheme for Phishing site submissions, including iPads, backpacks, mugs, and more… https://news.netcraft.com/phishing-report-competition
• PFS indicator – check if sites using SSL for encryption support Perfect Forward Secrecy (PFS). PFS ensures that if the private key of the site is compromised – for example by a court order, social engineering, an attack against the site, or cryptanalysis – your historical encrypted traffic is still safe.
• Heartbleed indicator – check if sites are still using an SSL certificate that was potentially compromised by Heartbleed. The extension uses data from Netcraft's SSL Survey to determine whether a site offered the heartbeat TLS Extension prior to the Heartbleed disclosure. If this is the case, the extension will also check to see if the site's SSL certificate has been replaced; if it has not, then the site is considered to be unsafe, as the certificate's private key could have been compromised.
• Protection against cross site scripting (XSS) — The extension optionally traps XSS and other suspicious URLs which contain characters highly likely to deceive.
Find out more about the Extension, including detailed tutorials, FAQs, phishing statistics, and how to protect yourself from online fraud at: https://toolbar.netcraft.com
Netcraft is an Internet services company based in Bath, England. We provide a range of services relating to internet data analysis, defences against fraud and phishing, web application security testing, and automated network scanning. In particular, Netcraft’s anti-phishing services are very widely licensed, ultimately protecting hundreds of millions of people.