List of URLs instead of hashes
38 views
Skip to first unread message
Alexandre Dulaunoy
Aug 10, 2009, 7:43:23 AM8/10/09
to Google Safe Browsing API
Dear,
Is it possible to get from the SafeBrowsing API the list of URLs
(including the full URL) instead of having the black-list as hash
value only?
Thanks a lot,
Is it possible to get from the SafeBrowsing API the list of URLs
(including the full URL) instead of having the black-list as hash
value only?
Thanks a lot,
Jon
Aug 12, 2009, 3:14:38 PM8/12/09
to Google Safe Browsing API
As near as I can tell, the API was designed specifically so that you
can not do this. In fact, I believe the agreement for an API key
states specifically requires that you agree not to do this. And I can
think of a couple of pretty good reasons for that as well.
Google is offering the API and service for free, so why not just use
it as intended?
can not do this. In fact, I believe the agreement for an API key
states specifically requires that you agree not to do this. And I can
think of a couple of pretty good reasons for that as well.
Google is offering the API and service for free, so why not just use
it as intended?
Tom
Aug 15, 2009, 3:41:27 PM8/15/09
to Google Safe Browsing API
Jon is right - T&C says you are not allowed to decode those hashes in
any way and you have agreed to those terms.
Of course we get hashes not URLs for a good reason. I wouldn't expect
Google to be so irresponsible to intentionally publish a list of URLs
that contain malware. How many little, evil "geniuses" would try to
extract malware from the pages, copy it and run their own malicious
schemes?
If we play with the fire we can get nasty burns... working with hashes
we are much safer.
Google +1up :-)
any way and you have agreed to those terms.
Of course we get hashes not URLs for a good reason. I wouldn't expect
Google to be so irresponsible to intentionally publish a list of URLs
that contain malware. How many little, evil "geniuses" would try to
extract malware from the pages, copy it and run their own malicious
schemes?
If we play with the fire we can get nasty burns... working with hashes
we are much safer.
Google +1up :-)
Alexandre Dulaunoy
Aug 17, 2009, 4:14:18 PM8/17/09
to Google Safe Browsing API
is active?), doing reverse engineering of the gathered malware
or matching the path (host can be variable for malware infection
but path could remain fixed or using extra parameters like password.
also a risk with the current method of building suffix and prefix[1]).
In other words with having the full list of URL, you can do security
research and maybe help people to be better protected. That's just
another perspective...
I tend to agree that working with hash is much safer. I just hope that
the current canonicalization is working properly and we don't miss hit
in the hash list due to IDN and encoding evasion or other attacks.
adulau
[1] http://code.google.com/apis/safebrowsing/developers_guide.html#SuffixPrefix
--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov
Reply all
Reply to author
Forward
0 new messages