hash alive time?


nsquar3

Sep 9, 2009, 1:25:52 PM
to Google Safe Browsing API
Does anyone know how long the hash stays in the database? Such as,
does safebrowsing broadcast a remove hash when a phish site is
offline? Any info would be great.

Thanks.

TQM

Sep 10, 2009, 5:34:41 PM
to Google Safe Browsing API
> Such as does safebrowsing broadcast a remove hash when a phish site is
> offline?

I doubt it, to say the least.

Taking a site off the list right away when it goes off-line would be a bit
naive IMHO - that would turn sites into 'blinkenlights' and make life
easier for scammers. I can only guess that a site is removed from the
list when Google confirms that it is clean. That's the whole point of
'safe browsing', isn't it?

I think it's way easier to get on the list than off it, and getting off
takes longer. Once you are removed from the list, nothing stands in the
way of getting you added again if (or rather WHEN) Google detects malware/
phish again. If I was writing the system I would keep an eye on the
sites that were removed from the list and check them more often than
others - just in case.

I guess they have some very very nice (i.e. almost simple but very
effective) algorithms we can't even dream of. Simply K.I.S.S.

Nguyen Nguyen

Sep 11, 2009, 12:19:03 PM
to google-safe-...@googlegroups.com
Thanks for your answer. I am just trying to debug my application since it isn't working correctly, and I am not sure where to pinpoint it.

My app monitors all the phish detected by myself and checks when they appear on SafeBrowsing. Once the site has been reported, it has gone down. Only 20% of the phish being reported appear on the SafeBrowsing list, therefore I am not sure if Google checks on the site and, since it is down, Google doesn't add it to the SafeBrowsing list.

One interesting study states that Firefox and Chrome, which both use SafeBrowsing, do not match in displaying the phish-detected websites. You can test this by going to PhishTank and opening various URLs in both browsers.

Does anyone have similar problems?
--
Nguyen Nguyen
BFS::BornFromScratch

TQM

Sep 15, 2009, 10:17:26 AM
to Google Safe Browsing API
Hi Nguyen

> Only 20% of the phish being reported appear on the SafeBrowsing list, therefore I
> am not sure if Google checks on the site and, since it is down, Google doesn't
> add it to the SafeBrowsing list.

hmmmm interesting

> One interesting study states that Firefox and Chrome, which both use
> SafeBrowsing, do not match in displaying the phish-detected websites. You
> can test this by going to PhishTank and opening various URLs in both browsers.

I think that will also depend on how often FF and Chrome update
their hash lists. If you could do (somehow) a test where you know for
sure that both browsers have exactly the same versions of data and
then start checking URLs, it would give a more measurable comparison.
Then a mismatch there would suggest that checks are implemented in a
different way, maybe not very complete or something similar - but
that's just a theoretical situation, not verified in any way, so
please don't take it for granted.