
Re: [Full-disclosure] Google's blacklisted url database (phishing url database)



> > 12. What information is sent to Google when I enable the Enhanced
> > Protection Feature?
> >
> > When enabled, the entire URL of the site that you're visiting will be
> > securely transmitted to Google for evaluation. In addition, a very
> > condensed version of the page's content may be sent to compare
> > similarities between authentic and forged pages. For example, if the
> > condensed 'fingerprint' of the page you are visiting matches the
> > 'fingerprint' of a popular bank's site but the page's URL is different,
> > that's a good sign that the page you are on is designed to mislead users.

<snip>

Well, there we go - that's Google's response to the problem, and I
suppose it's hardly Google's fault if we use crap passwords anyway.

BUT at the same time, it springs to mind: why would Google opt for a
mechanism which sends all of this information, in plain text, to the
client? Surely it would be possible to run the site checking mechanism
server-side, and if not, at least make it a bit more difficult to get
to the data?

I didn't spend too much time reading how the information was gathered,
but I'm guessing it was just your standard interception through a
Paros-type proxy. However, this begs the question of how much
personal data Google should be allowed to store - let *alone* send it
to other users of the internet.

Regards,
Ronald.

-- 
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/