Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Goofs On Firefox's Anti-Phishing List

Posted by timothy on from the unless-you-like-it-that-way dept.

Stephen writes "While phishing is a problem, giving one company the power to block any site that it wishes at the browser level never seemed like a good idea. Today Google blocked a host of legitimate web sites by listing mine.nu. mine.nu is available as a dynamic dns domain and anybody can claim a sub domain. All sub-domains are blocked regardless of whether phishing actually occurs on the sub-domain or not. Several Linux enthusiast sites are caught up in the net including Hostfile Ad Blocking and Berry Linux Bootable CD."

5 of 168 comments (clear)

  1. First post! by Anonymous Coward · · Score: -1, Troll

    First post!

  2. Remote monitoring possibilities by fph+il+quozientatore · · Score: 0, Troll
    Actually, it is even more scary than this. Have a look at the protocol: here's how it works:

    1- Firefox automatically downloads a list of 32-bit hashes of "dangerous" addresses
    2- when the user browses on a site matching one of these hashes, Firefox sends a request to Google for a 256-bit version of the same hash
    3- does the site match the 256-bit hash? If yes, warn user; if not, continue silently.

    Convinced? Well, here's how it really works:

    1- <insert name here> tells Google to monitor www.terrorist.com
    2- Google adds the 32-bit hash of www.terrorist.com to the list
    3- when the browser sends a request for the 256-bit hash of www.terrorist.com, Google replies with a hash that does not match www.terrorist.com
    4- the user notices nothing strange and continues browsing
    5- Google sends <insert name here> a list of all the people browsing on www.terrorist.com, identified through cookies (including their GMail password).

    Please forget the usual "??? - Profit!" jokes, and go warn the Firefox developers.

    --
    My first program:

    Hell Segmentation fault

  3. LOL by TheNetAvenger · · Score: -1, Troll

    This is where the Firefox/Google fans realize that MS will end up winning again, this time by being the 'good guy'...

  4. Re:I hate that Google can do this by SadSoupDragon · · Score: -1, Troll

    You've learned the term "IP address" and you're trying to apply it to everything. You're right, Google does not filter by IP address. This is not what I or anybody else has claimed. Go back, read through properly and fill in the gaps. There are now yet more individuals posting to tell you that you don't understand this. If you need a pen and paper to work it out I'll be happy to supply you with one. Don't draw a naked wolf giving a blowjob to a horse please, furry.

  5. Re:I hate that Google can do this by SadSoupDragon · · Score: -1, Troll

    It's not a brand new account, and I wasn't hiding the fact that I was the AC! I signed in because the enforced delay between AC posts was massive. Turns out that this account isn't brand new, but almost a year old. Are you capable of saying anything that is in any way correct? You've embarrassed yourself on so many levels. It's brilliant. Not that your kind has any dignity. I'm just going to go now and leave you to making yourself look foolish on your own merits. Have a nice day.