Message-Id: <E964A515-D44F-4A2C-83A1-9D178F120EA2@beskerming.com>
Date: Wed, 3 Jan 2007 17:05:11 +1030
From: Sûnnet Beskerming <info@...kerming.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Google's blacklisted url database (phishing url database)

Hi List,

"How exactly does such data get captured? Somebody placed a link
somewhere with the url having the user/password in it?"

A bit of digging turns up the Google Gadget that these little MySpace
gems are coming from
(http://www.google.com/ig/directory?url=http://web.ebuell.com/myspace.xml).
Why the developer chose to pass / accept authentication details in the
URL without warning the end user is beyond me. Perhaps it is related to
his claims that it can be used as a proxy to access MySpace when the
main site is being blocked by filters.

Unfortunately for Google, the URLs listed clearly identify that the
mistake is a result of Google indexing the Google Gadgets that people
have placed on their sites / Google homepages. It is interesting to
see the quality of the passwords on this list of presumably live
accounts, though I do think that some of the users are a little
insecure about more than just their passwords...

Even though searching for various elements of the listed URLs across
a number of the major search engines doesn't turn up anything of
interest, the author claims that it has been used almost 3.5 million
times from Google (distinct users would be less, but it would make
for interesting sniffing).

Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
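
A defensive check for the problem discussed in this message, credentials carried in URLs that later end up in logs or search indexes, added here as an example and not part of the original post. It flags and masks passwords in URL userinfo, in query parameters, and in URLs nested inside a parameter (the shape of the `url=` value in the directory link above); the parameter names, hosts and values are constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed names of credential-bearing parameters; the post does not say
# which names the gadget used, so adjust these for your own applications.
SENSITIVE = {"password", "passwd", "pass", "pwd", "secret", "token"}
MASK = "REDACTED"

def redact_url(url, depth=0):
    """Return (redacted_url, findings); recurses into URLs nested in parameters."""
    parts = urlsplit(url)
    findings = []
    netloc = parts.netloc
    if parts.password is not None:  # user:password@host form
        findings.append("userinfo")
        host = netloc.rsplit("@", 1)[1]
        netloc = f"{parts.username}:{MASK}@{host}"
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            findings.append(f"query:{name}")
            value = MASK
        elif depth < 3 and value.lower().startswith(("http://", "https://")):
            # A whole URL passed as a parameter value: scan it as well.
            value, inner = redact_url(value, depth + 1)
            findings += [f"{name}>{f}" for f in inner]
        query.append((name, value))
    clean = urlunsplit((parts.scheme, netloc, parts.path,
                        urlencode(query), parts.fragment))
    return clean, findings

def scan(urls):
    """Yield (redacted_url, findings) for every URL that carries a credential."""
    for url in urls:
        clean, findings = redact_url(url)
        if findings:
            yield clean, findings

# Constructed sample input (example.test hosts, made-up values).
SAMPLE = [
    "http://gadgets.example.test/widget.xml?user=alice&password=hunter2",
    "http://portal.example.test/directory?url=http%3A%2F%2Fw.example.test"
    "%2Fg.xml%3Fuser%3Dbob%26pwd%3Dqwerty",
    "ftp://carol:s3cret@files.example.test/pub/",
    "http://www.example.test/search?q=myspace",
]

if __name__ == "__main__":
    for clean, findings in scan(SAMPLE):
        print(findings, clean)
```

Run it over referrer logs, crawl exports or sitemap entries before they are stored or published; the query string is re-encoded on output, so the masked URL may differ cosmetically from the input.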