websecurity@lists.webappsec.org

The Web Security Mailing List

Secure Browsing: Comitari-Free Released

Shlomi Narkolayev
Sun, Feb 27, 2011 11:25 AM

Hello list,

If (IE User){
    I invite you install Comitari-Free; provides client side protection against ClickJacking, LikeJacking and other UI Redressing attacks.
}
else{
    printf ("Stay tuned, FF and Chrome versions will be released in a few weeks");
    return;
}

Comitari homepage:
http://www.comitari.com/

Comitari Alert:
http://twitter.com/Comitari

Kind Regards,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com

Nick Nikiforakis
Sun, Feb 27, 2011 6:34 PM

Hi Shlomi,

Is there any online documentation of how comitari does what it does? For example, the phishing detection is it black-list based or do you use some other kind of technique?

Best Regards
Nick Nikiforakis

On Sun, Feb 27, 2011 at 12:25 PM, Shlomi Narkolayev <shlominar@gmail.com> wrote:

> Hello list,
>
> If (IE User){
>     I invite you install Comitari-Free; provides client side protection against ClickJacking, LikeJacking and other UI Redressing attacks.
> }
> else{
>     printf ("Stay tuned, FF and Chrome versions will be released in a few weeks");
>     return;
> }
>
> Comitari homepage:
> http://www.comitari.com/
>
> Comitari Alert:
> http://twitter.com/Comitari
>
> Kind Regards,
> Narkolayev Shlomi.
>
> Visit my blog: http://Narkolayev-Shlomi.blogspot.com


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

Shlomi Narkolayev
Mon, Feb 28, 2011 10:56 AM

Hello Nick,

We are using a patent pending algorithm. Our technology isn't based on black lists. Unfortunately currently I can't elaborate about the phishing & pharming algorithm.

I invite you visit our website for more information, and follow our social pages.

- http://www.comitari.com/Frequently_asked_questions, http://www.comitari.com//userfiles/file/comitari_web.pdf
- http://twitter.com/Comitari - We call it "Comitari Alert", we publish some of the pages we have identified as malicious web pages.
- http://www.facebook.com/pages/Comitari-Technologies/180099968683830

Surf safely,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com

On Sun, Feb 27, 2011 at 8:34 PM, Nick Nikiforakis <nikiforakis.nick@gmail.com> wrote:

> Hi Shlomi,
>
> Is there any online documentation of how comitari does what it does? For example, the phishing detection is it black-list based or do you use some other kind of technique?
>
> Best Regards
> Nick Nikiforakis
>
> On Sun, Feb 27, 2011 at 12:25 PM, Shlomi Narkolayev <shlominar@gmail.com> wrote:
>
>> Hello list,
>>
>> If (IE User){
>>     I invite you install Comitari-Free; provides client side protection against ClickJacking, LikeJacking and other UI Redressing attacks.
>> }
>> else{
>>     printf ("Stay tuned, FF and Chrome versions will be released in a few weeks");
>>     return;
>> }
>>
>> Comitari homepage:
>> http://www.comitari.com/
>>
>> Comitari Alert:
>> http://twitter.com/Comitari
>>
>> Kind Regards,
>> Narkolayev Shlomi.
>>
>> Visit my blog: http://Narkolayev-Shlomi.blogspot.com

gaz Heyes
Mon, Feb 28, 2011 5:24 PM

On 28 February 2011 10:56, Shlomi Narkolayev <shlominar@gmail.com> wrote:

> If (IE User){
>     I invite you install Comitari-Free; provides client side protection against ClickJacking, LikeJacking and other UI Redressing attacks.
> }
> else{
>     printf ("Stay tuned, FF and Chrome versions will be released in a few weeks");
>     return;
> }

missing ) after argument list (line 1)

> We are using a patent pending algorithm. Our technology isn't based on black lists. Unfortunately currently I can't elaborate about the phishing & pharming algorithm.

I stopped reading here.

Nick Nikiforakis
Mon, Feb 28, 2011 6:54 PM

Dear Shlomi,

Thanks for your reply. I decided to try Comitari Free and I can't say that I was impressed. I installed the plugin and I visited comitaritest.t35.com which is a fake PayPal page that I created specifically for testing your product. Unfortunately your product didn't detect it as a phishing page even though I didn't make any attempts to obfuscate PayPal's HTML or images. The only modification I actually did to PayPal's HTML code was to change the form's target to a local (non-existing) PHP page that would serve to gather the credentials for later use.

You can try it yourself. Screenshots of my results are available here:

http://securitee.org/files/images/comitari1.PNG
http://securitee.org/files/images/comitari2.PNG

I actually also tried it on a known PayPal phishing page (from phishtank.com) and it also didn't detect that.

Regards
Nick Nikiforakis

On Mon, Feb 28, 2011 at 6:24 PM, gaz Heyes <gazheyes@gmail.com> wrote:

> On 28 February 2011 10:56, Shlomi Narkolayev <shlominar@gmail.com> wrote:
>
>> If (IE User){
>>     I invite you install Comitari-Free; provides client side protection against ClickJacking, LikeJacking and other UI Redressing attacks.
>> }
>> else{
>>     printf ("Stay tuned, FF and Chrome versions will be released in a few weeks");
>>     return;
>> }
>
> missing ) after argument list (line 1)
>
>> We are using a patent pending algorithm. Our technology isn't based on black lists. Unfortunately currently I can't elaborate about the phishing & pharming algorithm.
>
> I stopped reading here.

Shlomi Narkolayev
Tue, Mar 1, 2011 7:37 AM

Hello Nick,

Comitari free (http://www.comitari.com/Comitari-Free_ClickJacking_Protection) protects against ClickJacking, Like-Jacking and other UI Redressing attacks only.

The full version (http://www.comitari.com/Web_Protection_Suite) provides protection against phishing, pharming, CSRF (Internet & Intranet application, Intranet network equipment attacks like DNS Rebinding), XSS, ClickJacking, File Stealing using browser abusing, Buffer Overflow on browser and browser's plugins. In next release we'll protect against Key Loggers.

Kind Regards,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com

On Mon, Feb 28, 2011 at 8:54 PM, Nick Nikiforakis <nikiforakis.nick@gmail.com> wrote:

> Dear Shlomi,
>
> Thanks for your reply. I decided to try Comitari Free and I can't say that I was impressed. I installed the plugin and I visited comitaritest.t35.com which is a fake PayPal page that I created specifically for testing your product. Unfortunately your product didn't detect it as a phishing page even though I didn't make any attempts to obfuscate PayPal's HTML or images. The only modification I actually did to PayPal's HTML code was to change the form's target to a local (non-existing) PHP page that would serve to gather the credentials for later use.
>
> You can try it yourself. Screenshots of my results are available here:
>
> http://securitee.org/files/images/comitari1.PNG
> http://securitee.org/files/images/comitari2.PNG
>
> I actually also tried it a known PayPal phishing page (from phishtank.com) and it also didn't detect that.
>
> Regards
> Nick Nikiforakis
>
> On Mon, Feb 28, 2011 at 6:24 PM, gaz Heyes <gazheyes@gmail.com> wrote:
>
>> On 28 February 2011 10:56, Shlomi Narkolayev <shlominar@gmail.com> wrote:
>>
>>> If (IE User){
>>>     I invite you install Comitari-Free; provides client side protection against ClickJacking, LikeJacking and other UI Redressing attacks.
>>> }
>>> else{
>>>     printf ("Stay tuned, FF and Chrome versions will be released in a few weeks");
>>>     return;
>>> }
>>
>> missing ) after argument list (line 1)
>>
>>> We are using a patent pending algorithm. Our technology isn't based on black lists. Unfortunately currently I can't elaborate about the phishing & pharming algorithm.
>>
>> I stopped reading here.
