Open Source and information security mailing list archives
 
Date: Wed, 03 Jan 2007 10:58:55 +0100
From: Steve Clement <steve@...alhost.lu>
To: php0t <php0t@...ro.hu>
Cc: full-disclosure@...ts.grok.org.uk, phoenix.diablo@...glemail.com
Subject: Re: Google's blacklisted url database (phishing
 url database)

php0t wrote:
>   How exactly does such data get captured? Somebody placed a link
>   
Well the poster of the password link would've done better explaining how 
goog mines the data instead of easily disclosing valid e-mail passwords.

This shows yet again how crucial it is to use throw-away passwords that 
you can use for badly coded web sites that disclose passwords plain-text 
in the URL.

It's not really Google's fault if some people don't know how 
web-security basics work. They grab the web, crawl it hideously and find 
all of it, including sensitive data.

As to whether the Blacklist should be public or not is up to personal 
beliefs. I for one think that it should be publicly available to have 
at least a good static reference of the most commonly used phishey sites...

thanks for the fish and

Goodbye!

Steve


> somewhere with the url having the user/password in it ? What would be
> the point of that? And if not, where did that come from? I peeked at
> http://www.google.com/tools/firefox/safebrowsing/faq.html to learn more
> but it only has obvious info.
>   




-- 
     __o   | Steve Clement - Unix System Administrator 
   _ \<,_  | Current Location: Luxembourg/Europe
  (_)/ (_) | "Work to Eat, Eat to Live, Live to Bike, Bike to Work"
