Monday, August 28, 2006
Tripod Phishing
F-Secure has a post pointing out that Tripod isn't doing a good job preventing obvious phishing sites from being hosted on their free service. Now if this were a small free hosting service it would not be a big surprise, but Tripod has been around for many years. I used to even have a site there long enough ago I hardly remember it.
Still a small number phishing sites isn't that unbelievable (of course there could be plenty others Google didn't index). Clearly if they were doing nothing they would be full of these scam pages. But from Google's cache, the dates on the current three I saw are the 17th, 22nd, and 24th. That is up to eight business (12 total) days to catch the earliest of them and all three are still up. See them in Google while you can.
I checked out some of the competition (MSN, Yahoo, Geocities, GooglePages, and Blogspot) using similar searches.
Of those searches, I found only one other page. The lucky host was Blogspot, though this wasn't nearly as bad as the others. It was only a splog not a phishing site and they have already removed the account.
F-Secure has a poll asking, "Should free hosting companies try to detect Phishing sites hosted on their servers?" The answer is clear to me. If the free hosts don't do it they will quickly be known for not caring and be over run with scam sites. Hosting that much garbage certainly won't make their business look very professional. Out of the first about 1000 responses, currently almost 90% agree with me that it is the free hosts responsibility to at least try.
Still a small number phishing sites isn't that unbelievable (of course there could be plenty others Google didn't index). Clearly if they were doing nothing they would be full of these scam pages. But from Google's cache, the dates on the current three I saw are the 17th, 22nd, and 24th. That is up to eight business (12 total) days to catch the earliest of them and all three are still up. See them in Google while you can.
I checked out some of the competition (MSN, Yahoo, Geocities, GooglePages, and Blogspot) using similar searches.
Of those searches, I found only one other page. The lucky host was Blogspot, though this wasn't nearly as bad as the others. It was only a splog not a phishing site and they have already removed the account.
F-Secure has a poll asking, "Should free hosting companies try to detect Phishing sites hosted on their servers?" The answer is clear to me. If the free hosts don't do it they will quickly be known for not caring and be over run with scam sites. Hosting that much garbage certainly won't make their business look very professional. Out of the first about 1000 responses, currently almost 90% agree with me that it is the free hosts responsibility to at least try.
