lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Jan 2007 16:56:31 +0800
From: "Am Razak" <pinangs@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google's blacklisted url database (phishing
	url database)

Sent to the wrong place.... sorry.

On 1/4/07, Am Razak <pinangs@...il.com> wrote:
>
> Checked Google page
>
>   it says that entire URL will be transmitted to Google. If the site
> authentication is posted on the URL, it will be captured by google.
>
> GOOGLE SAYS......
> 12. What information is sent to Google when I enable the Enhanced
> Protection Feature?
>
> When enabled, the entire URL of the site that you're visiting will be
> securely transmitted to Google for evaluation. In addition, a very condensed
> version of the page's content may be sent to compare similarities between
> authentic and forged pages. For example, if the condensed 'fingerprint' of
> the page you are visiting matches the 'fingerprint' of a popular bank's site
> but the page's URL is different, that's a good sign that the page you are on
> is designed to mislead users.
>
> If you disable Enhanced Protection, no information about the pages you
> visit will be sent to Google unless you visit a page Google Safe Browsing
> identifies as potentially unsafe. In this case, we will only send the action
> you choose to take to help refine our anti-phishing algorithms. Please note
> that enabling Enhanced Protection gives the Google Safe Browsing extension
> access to the most up-to-date fraud information about each page you visit.
>
> Please see our Privacy Notices<http://www.google.com/tools/firefox/extensions_privacy.html>for privacy information regarding Google Safe Browsing
>
>
>
> On 1/4/07, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> >
> > Stan Bubrouski wrote:
> >
> > > You're forgetting that gmail has a feature to report phishing
> > > messages, that alone could give google quite a list of phishing sites
> > > given its userbase.
> >
> > _And_ the "Report Web Forgery..." option in Firefox' Help menu also
> > reports the suspect URL to Google at:
> >
> >    http://www.google.com/safebrowsing/report_phish/
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ