
[Full-disclosure] Google's blacklisted url database (phishing url database)



Hi List,

"How exactly does such data get captured? Somebody placed a link somewhere with the url having the user/password in it?"

A bit of digging turns up the Google Gadget that these little MySpace gems are coming from (http://www.google.com/ig/directory?url=http://web.ebuell.com/myspace.xml). Why the developer chose to pass / accept authentication details in the URL without warning the end user is beyond me. Perhaps it is related to his claims that it can be used as a proxy to access MySpace when the main site is being blocked by filters.

Unfortunately for Google, the URLs listed clearly identify that the mistake is a result of Google indexing the Google Gadgets that people have placed on their sites / Google homepages. It is interesting to see the quality of the passwords on this list of presumably live accounts, though I do think that some of the users are a little insecure about more than just their passwords...

Even though searching for various elements of the listed URLs across a number of the major search engines doesn't turn up anything of interest, the author claims that it has been used almost 3.5 million times from Google (distinct users would be less, but it would make for interesting sniffing).


Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
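The post above describes credentials that ended up in search indexes because a gadget carried the user/password in its URL. The Python below is an added example, not code from the poster or from the gadget's author: it shows how a site operator can scan their own access logs for requests that carry credentials in the query string or in the userinfo part of the URL (the `user:pass@host` form), and how to redact those URLs before they are logged or shared. The parameter names in `SENSITIVE_PARAMS`, the log lines and the hostnames are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query-parameter names that commonly carry credentials.
# Assumed list for this example; extend it with your own application's names.
SENSITIVE_PARAMS = {"user", "username", "email", "pass", "password", "passwd", "pwd", "token"}

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2007:10:00:00 +0000] "GET /gadget/myspace.xml?user=alice%40example.com&pass=hunter2 HTTP/1.1" 200 512
203.0.113.6 - - [01/Jan/2007:10:00:01 +0000] "GET /gadget/myspace.xml?view=friends HTTP/1.1" 200 1024
203.0.113.7 - - [01/Jan/2007:10:00:02 +0000] "GET http://bob:s3cret@example.com/proxy?page=home HTTP/1.1" 200 256
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def credential_fields(url):
    """Return the names of the URL parts that carry credentials.

    Checks the userinfo component (user:pass@host) and every query parameter
    whose name is in SENSITIVE_PARAMS. An empty list means nothing was found.
    """
    parts = urlsplit(url)
    found = []
    if parts.username is not None:
        found.append("userinfo")
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            found.append(name)
    return found


def redact_url(url):
    """Return the URL with credential-bearing values replaced by REDACTED.

    Host and path are kept so the redacted URL is still useful for triage.
    (Simplification: an IPv6 literal host would lose its brackets here.)
    """
    parts = urlsplit(url)
    netloc = parts.netloc
    if parts.username is not None:
        host = parts.hostname or ""
        if parts.port:
            host = f"{host}:{parts.port}"
        netloc = "REDACTED@" + host
    query = [(name, "REDACTED" if name.lower() in SENSITIVE_PARAMS else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, netloc, parts.path, urlencode(query), parts.fragment))


def scan_log(text):
    """Return (line_number, leaked_fields, redacted_url) for each request that leaks credentials."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = match.group(1)
        fields = credential_fields(url)
        if fields:
            hits.append((lineno, fields, redact_url(url)))
    return hits


if __name__ == "__main__":
    for lineno, fields, redacted in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: credentials in {fields} -> {redacted}")
```

Running it on the constructed log reports lines 1 and 3: the first leaks `user` and `pass` query parameters, the third embeds a password in the userinfo part of an absolute URL (the proxy-style request the post mentions). The same check belongs at the application boundary as well, where a request carrying such parameters should be rejected or the values stripped before the URL reaches logs, referrers, or a crawler.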
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/