SSO No Phishing โดย kang
ทดลองทดลอง
Detects if a site is trying to phish your Mozilla IAM SSO credentials and automatically blocks it
คุณต้องมี Firefox เพื่อใช้ส่วนขยายนี้
Metadata ส่วนขยาย
เกี่ยวกับส่วนขยายนี้
This web extension will:
1) Give clear, trusted, positive feedback that you're on the correct login page
It will change the theme color of Firefox temporarily (to green) when you're entering your credentials on a white-listed domain (i.e. a domain that is authorized to handle your credentials). This list can be customized in the extension's preferences if necessary.
2) Detect when your credentials are sent to a site that isn't white-listed
It will capture and record a salted hash of your credentials the first time you enter them after the extension was installed. It then monitors for data posted to websites and if anything matches your credential hash, it will prevent Firefox from sending the credentials. For example if you enter your Mozilla LDAP credentials on a site that isn't using Mozilla IAM SSO for example, it will prevent the credentials from being sent and warn you about it.
SECURITY RELEVANT INFORMATION: The detection is opportunistic and there are known ways to bypass the detection. While it will most likely detect most phishing attempts, an advanced attacker could work around this protection.
This second option can be turned off in the extension preferences.
1) Give clear, trusted, positive feedback that you're on the correct login page
It will change the theme color of Firefox temporarily (to green) when you're entering your credentials on a white-listed domain (i.e. a domain that is authorized to handle your credentials). This list can be customized in the extension's preferences if necessary.
2) Detect when your credentials are sent to a site that isn't white-listed
It will capture and record a salted hash of your credentials the first time you enter them after the extension was installed. It then monitors for data posted to websites and if anything matches your credential hash, it will prevent Firefox from sending the credentials. For example if you enter your Mozilla LDAP credentials on a site that isn't using Mozilla IAM SSO for example, it will prevent the credentials from being sent and warn you about it.
SECURITY RELEVANT INFORMATION: The detection is opportunistic and there are known ways to bypass the detection. While it will most likely detect most phishing attempts, an advanced attacker could work around this protection.
This second option can be turned off in the extension preferences.
ให้คะแนนประสบการณ์ของคุณ
สิทธิอนุญาตเรียนรู้เพิ่มเติม
ส่วนเสริมนี้ต้องการ:
- ล้างประวัติการเรียกดู, คุกกี้ และข้อมูลที่เกี่ยวข้องล่าสุด
- เข้าถึงแท็บของเบราว์เซอร์
- เข้าถึงข้อมูลของคุณสำหรับเว็บไซต์ทั้งหมด
ข้อมูลเพิ่มเติม
- ลิงก์ส่วนเสริม
- รุ่น
- 1.1.8
- ขนาด
- 47.68 KB
- อัปเดตล่าสุด
- 6 ปีที่แล้ว (30 ก.ค. 2019)
- หมวดหมู่ที่เกี่ยวข้อง
- สัญญาอนุญาต
- Mozilla Public License 2.0
- ประวัติรุ่น
เพิ่มไปยังชุดสะสม
บันทึกประจำรุ่นสำหรับ 1.1.8
- Phishing detection is now optional (default on), when turned off no credentials are captured or hashed and they're no longer compared with post'd data during web browsing
- Phishing detection now uses a full screen page warning instead of a notification + theme color change. The page also links to a place that explains what phishing is
- Phishing detection more reliably block requests
- Credential hash for phishing detection is now additionally salted
- Phishing detection now uses a full screen page warning instead of a notification + theme color change. The page also links to a place that explains what phishing is
- Phishing detection more reliably block requests
- Credential hash for phishing detection is now additionally salted
ส่วนขยายเพิ่มเติมโดย kang
ยังไม่มีการจัดอันดับ- ยังไม่มีการจัดอันดับ
- ยังไม่มีการจัดอันดับ
- ยังไม่มีการจัดอันดับ
- ยังไม่มีการจัดอันดับ
- ยังไม่มีการจัดอันดับ