PhOff Home

Welcome to the home of the
Anti-Phishing, Anti-Pharming, Anti-SpooPhing
FireFox Extention

Ph-Off

Click on this button to install the extension

This is alpha code and may destroy your computer, if it does I take no responsibility.
(it really shouldn't be able to do any damage and it's worked great for all of our testers so far.)

Read on to learn more about the Ph-Off extension

This extension is for use with the OpenID Authentication protocol. It provides a way for a user to know that they are really at their I-Broker (idp) not at a spoof site. It should work equally well with url or i-name identifiers as long as the I-Broker uses ssl.

The point of this extension is to give the user a STRONG visual cue when they are entering their password that they are, in fact, at the right place. The cue is meant to be STRONG because the user must notice its absence if they are directed to a spoof site.

Here's what I mean:

Here I am browsing yahoo.com in FireFox. You can tell by the thumbs down icon to the left of the address bar that I have Ph-Off installed. Other than the Ph-Off Icon you see no difference in FireFox from usual... Until... You go to your OpenID Login page...
When you go to your login page the entire menu bar turns green. This will ONLY happen when you are at your specified I-Broker. If you are ever asked to login, and your menu bar has NOT turned green you are being attacked!!

In the next version:

I will add an easier way to setup your I-Broker. This will probably be that I will just prompt for your i-name (or url) do resolution and work out the 'right' i-broker automatically.

If we have a better way to 'lock-in' the I-Broker then we don't need the button... I think we lose it.

Add some checking and visual cues for sites that look like your login page but do not have the right ssl cert. (so you have something other than the absence of a cue)

Known Problems (will fix soon):

In the setup instructions it says that you should 'left click' on the icon bar to customize it. It should say 'right click'.

If you have other ideas contact me by clicking here: =andy.dale

This page is provided by Andy Dale of ooTao Inc.
Learn more at www.ooTao.com