[Full-disclosure] Google's blacklisted url database (phishing url database)
Ronald MacDonald
ronald at rmacd.com
Thu Jan 4 14:56:10 GMT 2007
> > 12. What information is sent to Google when I enable the Enhanced
> Protection Feature?
> >
> > When enabled, the entire URL of the site that you're visiting will be
> securely transmitted to Google for evaluation. In addition, a very condensed
> version of the page's content may be sent to compare similarities between
> authentic and forged pages. For example, if the condensed 'fingerprint' of
> the page you are visiting matches the 'fingerprint' of a popular bank's site
> but the page's URL is different, that's a good sign that the page you are on
> is designed to mislead users.
<snip>
well, there we go - that's google's response to the problem, and I
suppose it's hardly google's fault if we use crap passwords anyway.
BUT at the same time, it springs to mind, why would google opt for a
mechanism which sends all of this information, in plain text, to the
client? surely it would be possible to run the site checking mechanism
server-side, and if not, at least make it a bit more difficult to get
to the data?
I didn't spend too much time reading how the information was gathered,
but I'm guessing it was just your standard interception through a
paraos-type proxy. However, this begs the question of how much
personal data google should be allowed to store - let *alone* send it
to other users of the internet.
Regards,
Ronald.
--
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655
Full-Disclosure is hosted and sponsored by Secunia.