Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:45 AM
Connect Directly

PhishTank Looks to Expand

PhishTank's operators are looking for a few good developers to expand and grow the anti-phishing site

PhishTank, the neighborhood watch Website for phishing exploits, is preparing to cast a wider net.

The community-watch anti-phishing site has opened up the site to developers to help it expand and improve on key features, such as how it reports phishing exploits to affected ISPs.

"I want PhishTank to be the best site it can be," says David Ulevitch, CEO of OpenDNS and the founder of PhishTank. Ulevitch has put out an all-points-bulletin for developers to step up and help carry PhishTank to the next level. (See Phishers Launch Zero-Day Exploits and A First Look Into the PhishTank.)

PhishTank has grown from around 2,400 active members in its first month to more than 10,000 after three months. It's tough to gauge exactly how much PhishTank has made an impact in the phish fight, but PhishTank has found more than 35,000 phishes thus far. It's gotten some key commercial attention as well: PhishTank is integrated into the latest version of the Opera browser; and Mozilla used PhishTank data in its comparison testing of Firefox's anti-phishing feature versus Internet Explorer 7's.

PhishTank's approach is different than other anti-phishing initiatives, because users post fishy items to the indie site, and PhishTank "verifiers" -- which include Ulevitch himself -- determine and vote on whether it's a phish and report back with their results and alerts. This approach lets users and consumers become part of the anti-phishing process.

The downside is it's still a blacklisting strategy, which spammers now bypass using botnets, notes Tod Beardsley, lead counter-fraud engineer for TippingPoint. That has led anti-spam efforts to start conducting more content-analysis to stem spam, he says.

"I like PhishTank, and I like OpenDNS. I know that their product has been working well, and rivals the commercial blacklist services that are out there," he says. But "my hope is that this expansion is really an effort to get going in that analysis direction, since merely expanding the blacklists isn't going to cut it for much longer."

Ulevitch, meanwhile, says the time has come to beef up PhishTank. He's heard rumblings on mailing lists for new features and upgrades, including simplifying the verification process, for instance. "I'm looking for fresh perspectives, so we're bringing in outside folks that might bring in fresh energy and ideas."

Does this mean Ulevitch and OpenDNS would hand off the management of PhishTank to another organization? "We're happy to keep it. But ultimately, PhishTank will be best if a community of people shape its direction and drive its features."

Which "community" might adopt PhishTank? It's not clear. "It's a lot of hassle to build a nonprofit, but there are Internet organizations out there that are good at adopting projects," he notes.

PhishTank is looking for both experienced and newbie developers who want to work on its PHP and MySQL environments, and Ulevitch says he expects this to increase its collaboration with other anti-phishing projects. "We frequently share information with CastleCops," he says. "By opening PhishTank to outside developers, the end result will be more collaboration" with other such initiatives.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • OpenDNS Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Navigating Security in the Cloud
    Diya Jolly, Chief Product Officer, Okta,  12/4/2019
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-12-07
    The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
    PUBLISHED: 2019-12-06
    In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
    PUBLISHED: 2019-12-06
    In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
    PUBLISHED: 2019-12-06
    In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
    PUBLISHED: 2019-12-06
    n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...