lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Thu, 4 Jan 2007 16:56:31 +0800
From: "Am Razak" <pinangs@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google's blacklisted url database (phishing
	url database)

Sent to the wrong place.... sorry.

On 1/4/07, Am Razak <pinangs@...il.com> wrote:
>
> Checked Google page
>
>   it says that entire URL will be transmitted to Google. If the site
> authentication is posted on the URL, it will be captured by google.
>
> GOOGLE SAYS......
> 12. What information is sent to Google when I enable the Enhanced
> Protection Feature?
>
> When enabled, the entire URL of the site that you're visiting will be
> securely transmitted to Google for evaluation. In addition, a very condensed
> version of the page's content may be sent to compare similarities between
> authentic and forged pages. For example, if the condensed 'fingerprint' of
> the page you are visiting matches the 'fingerprint' of a popular bank's site
> but the page's URL is different, that's a good sign that the page you are on
> is designed to mislead users.
>
> If you disable Enhanced Protection, no information about the pages you
> visit will be sent to Google unless you visit a page Google Safe Browsing
> identifies as potentially unsafe. In this case, we will only send the action
> you choose to take to help refine our anti-phishing algorithms. Please note
> that enabling Enhanced Protection gives the Google Safe Browsing extension
> access to the most up-to-date fraud information about each page you visit.
>
> Please see our Privacy Notices<http://www.google.com/tools/firefox/extensions_privacy.html>for privacy information regarding Google Safe Browsing
>
>
>
> On 1/4/07, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> >
> > Stan Bubrouski wrote:
> >
> > > You're forgetting that gmail has a feature to report phishing
> > > messages, that alone could give google quite a list of phishing sites
> > > given its userbase.
> >
> > _And_ the "Report Web Forgery..." option in Firefox' Help menu also
> > reports the suspect URL to Google at:
> >
> >    http://www.google.com/safebrowsing/report_phish/
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>

[ CONTENT OF TYPE text/html SKIPPED ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux