Google's Safe Browsing for Firefox Has Issues
Two Things That Bother Me About Google’s New Firefox Extension
 | ||
 | Email weblog link | |
 | Discuss | |
 | Blog this |
Nitesh Dhanjani
Dec. 15, 2005 03:26 AM
Permalink
"Google Safe Browsing is an extension to Firefox that alerts you if a web page that you visit appears to be asking for your personal or financial information under false pretences. This type of attack, known as phishing or spoofing, is becoming more sophisticated, widespread and dangerous. That's why it's important to browse safely with Google Safe Browsing. By combining advanced algorithms with reports about misleading pages from a number of sources, Safe Browsing is often able to automatically warn you when you encounter a page that's trying to trick you into disclosing personal information."
Good enough. I clicked on the FAQ section of the web-site to learn how the extension works, and here is the explanation given:
"6. How does Google know a page is bogus?
We use several techniques to determine whether a page is genuine, including the use of a blacklist containing pages that have been identified as suspicious and/or misleading based on automated detection or user reports. Our software also examines pages' content and structure in order to catch potentially misleading pages. Google Safe Browsing can't offer perfect protection, so you should always be on the lookout for indications that a site isn't what it appears to be. But Google Safe Browsing can help identify and protect you against many of the sites designed to trick users."
Great – but what information does the extension send to Google? To find out, I intercepted the traffic between my Firefox browser and
google.com. For every request you make, the extension invokes /safebrowsing/lookup on http://www.google.com. So, if you were to goto cnn.com with the extension enabled, here is the HTTP GET request that will be sent to http://www.google.com:
posted by . @ 7:24 PM
0 Comments:
Post a Comment
<< Home