[Full-disclosure] Google's blacklisted url database (phishing url database)
Am Razak
pinangs at gmail.com
Thu Jan 4 08:56:31 GMT 2007
Sent to the wrong place.... sorry.
On 1/4/07, Am Razak <pinangs at gmail.com> wrote:
>
> Checked Google page
>
> it says that entire URL will be transmitted to Google. If the site
> authentication is posted on the URL, it will be captured by google.
>
> GOOGLE SAYS......
> 12. What information is sent to Google when I enable the Enhanced
> Protection Feature?
>
> When enabled, the entire URL of the site that you're visiting will be
> securely transmitted to Google for evaluation. In addition, a very condensed
> version of the page's content may be sent to compare similarities between
> authentic and forged pages. For example, if the condensed 'fingerprint' of
> the page you are visiting matches the 'fingerprint' of a popular bank's site
> but the page's URL is different, that's a good sign that the page you are on
> is designed to mislead users.
>
> If you disable Enhanced Protection, no information about the pages you
> visit will be sent to Google unless you visit a page Google Safe Browsing
> identifies as potentially unsafe. In this case, we will only send the action
> you choose to take to help refine our anti-phishing algorithms. Please note
> that enabling Enhanced Protection gives the Google Safe Browsing extension
> access to the most up-to-date fraud information about each page you visit.
>
> Please see our Privacy Notices<http://www.google.com/tools/firefox/extensions_privacy.html>for privacy information regarding Google Safe Browsing
>
>
>
> On 1/4/07, Nick FitzGerald <nick at virus-l.demon.co.uk> wrote:
> >
> > Stan Bubrouski wrote:
> >
> > > You're forgetting that gmail has a feature to report phishing
> > > messages, that alone could give google quite a list of phishing sites
> > > given its userbase.
> >
> > _And_ the "Report Web Forgery..." option in Firefox' Help menu also
> > reports the suspect URL to Google at:
> >
> > http://www.google.com/safebrowsing/report_phish/
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070104/de6842d9/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.