Henrik Nordstrom wrote:
> sön 2007-06-24 klockan 23:49 +0200 skrev Andreas Pettersson
>> I'm not sure I follow you here..
>> If phisher has control of evil.com he could send out send out unique
>> urls in each and every spam, all pointing to the same physical host.
>> Sure, MD5 hashes is efficient, but the number of possible urls is nearly
>> unlimited. It would be much easier to list the host instead.
>>
> And the Google SafeBrowsing lookup algorithm allows just that.. It's not
> just an MD5 of the complete URL. The URL is processed in many steps of
> varying granularity, each producing an MD5 to look up in the blacklist.
>
> http://code.google.com/apis/safebrowsing/developers_guide.html#PerformingLookups
>
> Note: In the worst case there is 5 * 6 = 30 different lookups per URL.
> Normally less than 10 however
[walks away and stands in the corner]
Believe it or not, I actually read that guide before making my initial
post, but apparently it completely vanished from my memory...
Perhaps It happened when Phishtank was brought up.
-- AndreasReceived on Sun Jun 24 2007 - 16:23:47 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT