By: Google’s Anti-Phishing Blacklist Leaked Passwords at Garrett Gee

Google’s Anti-Phishing Blacklist Leaked Passwords at Garrett Gee — Mon, 29 Jan 2007 01:13:54 +0000

[…] But what is this blacklist and how did the data get there? The blacklist is a list of url’s that Google classified as a phishing site, which would help end users avoid fraud. So how does google determine this, and how is that data getting transfered? Nitesh Dhanjani has a pretty good writeup about this over at Oreilly. We know that information is getting transfered to google via the safe-browsing extension, but which version is vulnerable to this? The downloadable Google Toolbar has one version, the Firefox extension has another version, and Firefox 2 has a built in version. And as to how the data got there, that was due to poor design from the website(s). The username and password were in the url, and since the extension sends whole urls, that data ended up on Google’s blacklist. I didn’t even think people coded sites in this way anymore! […]

Comments on: Google’s Safe Browsing built into Firefox 2

By: Google’s Anti-Phishing Blacklist Leaked Passwords at Garrett Gee