<div><A href="http://sb.google.com/safebrowsing/update?versio=goog-black-url:1:0000">http://sb.google.com/safebrowsing/update?versio=goog-black-url:1:0000</A></div> <div>version info for each file:</div> <div>---------------------------------------------------<BR>[goog-black-enchash 1.15525]<BR>[goog-black-url 1.7755]<BR>[goog-sandbox-text 1.5]<BR>[goog-white-domain 1.19]<BR>[goog-white-url 1.371]<BR>-----------------------------------------------------</div> <div><BR>interpolating "goog-sandbox-text" gives this URL:</div> <div><A href="http://sb.google.com/safebrowsing/update?version=goog-sandbox-text:1:7753">http://sb.google.com/safebrowsing/update?version=goog-sandbox-text:1:7753</A></div> <div>which sends:</div> <div>------------------------------------------------<BR>[goog-sandbox-text 1.5]<BR>+sandbox function%20getHandlers%28%29%7Breturn%5B%5D%7D%0A%3B%0A%0A<BR>------------------------------------------------</div>
<div>Oooh look, a hard-coded hash function. Paydirt ;)</div> <div> </div> <div><A href="http://sb.google.com/safebrowsing/update?version=goog-white-domain:1:7753">http://sb.google.com/safebrowsing/update?version=goog-white-domain:1:7753</A></div> <div>This one's presumably the white-listed domains:</div> <div> </div> <div><BR><BR><B><I>moniker monikerd <monikerd@gmail.com></I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"><BR><SPAN class=gmail_quote></SPAN>i see only two possible ways for google to get this kind of data.<BR><BR>google toolbar<BR>or it buys/gets this information from some isp/companies/anybody with a big enough pipe ..<BR> <DIV><BR> <BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"> <DIV><SPAN class=e id=q_10fe5f8309a08028_1> <DIV><SPAN class=gmail_quote>On 1/2/07, <B
class=gmail_sendername>php0t</B> <<A onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:php0t@zorro.hu" target=_blank>php0t@zorro.hu</A>> wrote:</SPAN> <BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"> <div><BR> How exactly does such data get captured? Somebody placed a link<BR>somewhere with the url having the user/password in it ? What would be<BR>the point of that? And if not, where did that come from? I peeked at<BR><A onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.google.com/tools/firefox/safebrowsing/faq.html" target=_blank>http://www.google.com/tools/firefox/safebrowsing/faq.html</A> to learn more<BR>but it only has obvious info.<BR><BR><BR><BR>-----Original Message-----<BR>From: <A onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:full-disclosure-bounces@lists.grok.org.uk"
target=_blank>full-disclosure-bounces@lists.grok.org.uk </A><BR>[mailto:<A onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:full-disclosure-bounces@lists.grok.org.uk" target=_blank>full-disclosure-bounces@lists.grok.org.uk</A>] On Behalf Of JM<BR>Sent: Tuesday, January 02, 2007 11:17 PM <BR>To: <A onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:full-disclosure@lists.grok.org.uk" target=_blank>full-disclosure@lists.grok.org.uk</A><BR>Subject: Re: [Full-disclosure]Google's blacklisted url database<BR>(phishing url database)<BR><BR>I just played around a bit with those lists and as it seems, Google did <BR>a splendid job, even capturing some people's login data. Like here:<BR><A onclick="return top.js.OpenExtLink(window,event,this)" href="http://sb.google.com/safebrowsing/update?version=goog-black-url:1:7753" target=_blank>http://sb.google.com/safebrowsing/update?version=goog-black-url:1:7753 </A><BR><BR>Regards,<BR>J.M.<BR>Professional
Lurker<BR><BR>>[By] "Rajesh Sethumadhavan" <<A onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:rajesh.sethumadhavan@yahoo.com" target=_blank> rajesh.sethumadhavan@yahoo.com</A>><BR>>[Date] Dienstag, 2. Januar 2007 18:42 <BR>>[To] <A onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:full-disclosure@lists.grok.org.uk" target=_blank>full-disclosure@lists.grok.org.uk</A><BR>>[Subject] [Full-disclosure] Google's blacklisted url database (phishing <BR>url<BR>>database)<BR>><BR>> It is possible to access google`s blacklisted url database ( phishing<BR>> url database )<BR>><BR>> <A onclick="return top.js.OpenExtLink(window,event,this)" href="http://sb.google.com/safebrowsing/update?version=goog-black-url:1:1" target=_blank>http://sb.google.com/safebrowsing/update?version=goog-black-url:1:1 </A><BR>> <A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://sb.google.com/safebrowsing/update?version=goog-black-url:1:7998" target=_blank>http://sb.google.com/safebrowsing/update?version=goog-black-url:1:7998 </A><BR>><BR>><A onclick="return top.js.OpenExtLink(window,event,this)" href="http://sb.google.com/safebrowsing/update?version=goog-white-domain:1:19" target=_blank> http://sb.google.com/safebrowsing/update?version=goog-white-domain:1:19</A><BR>,goo<BR>>g-white-url:1:371,goog-black-url:1:7693,goog-black-enchash:1:15282<BR>><BR>><BR>> This database (Part of Google Safe Browsing) can be used in any <BR>> anti-phishing commercial softwares :)<BR>><BR>> Regards<BR>> Rajesh Sethumadhavan<BR>> <A href="http://www.xdisclose.com">http://www.xdisclose.com</A></div></SPAN></BLOCKQUOTE></DIV></DIV></BLOCKQUOTE></DIV></BLOCKQUOTE><p> __________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around
<br>http://mail.yahoo.com