This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dictionary in URLBAR to protect against hackers attack

nintyfan
Making moves
‎06-12-2023 08:28 AM
Status: New idea

Some attacks are based on sending e-mail (or any medium for links) with link contains misspelled name: for example - mozila.com instead of mozilla.com. Way to protect is simple: integrate URLBAR with a dictionary. Additionally show tags bellow parts of url (separated by dot) like bank name, company name, etc. User may click on misspelled name and seen suggestions.

I am not person, who known DNS much, but as I remember DNS records do not contains registration date. If it does, check if domain was registered not long ago. Workaround if not: allow user to click button to check registration date.

1. Domain was not checked previously or not in DNS servers previously: Mozilla servers will asks DNS server if domain was registered. If does, it will remember date of request and return current date.

2. Domain was checked previously - Mozilla servers will reply with stored date in DB.

 

I known, this was two ideas, but I would not split it.

 

Why these solutions:

1. If hackers created domain looking similar to domain of big company, like Netfix.com, user seen that Netfix contains spelling error and click check registration date then

2. If hackers try to trick registration time mechanism and send request to check registration time of new domain, then wait some years and performs attack - this is not great solutions, because Mozilla employers could check registered domain and seen it will be probably used to perform attacks

3. Maybe create algorithm to found domains with similar names, but it requires to download DNS database time to time.

 

EDIT: Also, displaying notification if page is not in history and user do not private browsing currently. Something like: You are visiting this page for first time. Check if it is page you are believing it is. Click on lock icon, check certificate, etc.

Comment
3 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎06-12-2023 09:59 AM
‎06-12-2023 09:59 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

nintyfan
Making moves
‎06-13-2023 05:57 AM
‎06-13-2023 05:57 AM

I think it may be connected with page tags/description (metatags).

It build an array of words from tags/descriptions.

It get first character from url and search for first occurrence of any of first character from words in array. When compared, it delete each word, which n-th character from beginning of match not matching current character and repeat until first full-world-match. Next step it again will array of words and continue for searching. After done matching words from tags/description, it try to fill gaps with words from dictionary. After done, it could try to do similar algorithm m-times (as you decide), but with little differences (for example starting from y+1 character, where y was first character of first matched word).

 

In this case, we can distinguish some complicated url-parts, like dobreprogramy, nationalbank, 4programmers, etc. So we can find writing mistake in domain name. I am not very good programmer,  so my algorithm must be discuss. Sorry also for English mistakes.

nintyfan
Making moves
‎06-13-2023 06:03 AM
‎06-13-2023 06:03 AM

Sorry for writing too often. You could generate array of words also from title. Title, I think, is great way, because user will read title.

You should split words in urlbar, even with the same part of domain, like national (separator) bank.com .

Copyright © 2024 Khoros, LLC