Full Disclosure mailing list archives
Re: Google's blacklisted url database (phishing url database)
From: "Ronald MacDonald" <ronald () rmacd com>
Date: Thu, 4 Jan 2007 14:56:10 +0000
12. What information is sent to Google when I enable the Enhanced Protection Feature? When enabled, the entire URL of the site that you're visiting will be securely transmitted to Google for evaluation. In addition, a very condensed version of the page's content may be sent to compare similarities between authentic and forged pages. For example, if the condensed 'fingerprint' of the page you are visiting matches the 'fingerprint' of a popular bank's site but the page's URL is different, that's a good sign that the page you are on is designed to mislead users.
<snip>

Well, there we go - that's Google's response to the problem, and I suppose it's hardly Google's fault if we use crap passwords anyway.

BUT at the same time, it springs to mind, why would Google opt for a mechanism which sends all of this information, in plain text, to the client? Surely it would be possible to run the site checking mechanism server-side, and if not, at least make it a bit more difficult to get to the data?

I didn't spend too much time reading how the information was gathered, but I'm guessing it was just your standard interception through a Paros-type proxy.

However, this begs the question of how much personal data Google should be allowed to store - let *alone* send it to other users of the internet.

Regards,
Ronald.

--
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/