Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Goofs On Firefox's Anti-Phishing List

timothy posted more than 4 years ago | from the unless-you-like-it-that-way dept.

The Internet 168

Stephen writes "While phishing is a problem, giving one company the power to block any site that it wishes at the browser level never seemed like a good idea. Today Google blocked a host of legitimate web sites by listing mine.nu. mine.nu is available as a dynamic dns domain and anybody can claim a sub domain. All sub-domains are blocked regardless of whether phishing actually occurs on the sub-domain or not. Several Linux enthusiast sites are caught up in the net including Hostfile Ad Blocking and Berry Linux Bootable CD."

cancel ×

168 comments

Sorry! There are no comments related to the filter you selected.

First post! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#25095539)

First post!

Good idea? (5, Interesting)

grasshoppa (657393) | more than 4 years ago | (#25095549)

While phishing is a problem, giving one company the power to block any site that it wishes at the browser level never seemed like a good idea

Actually, giving a single company this kind of authority is usually not a bad idea. Spamhaus and email, for example.

The issue is about trust. Even with this goofup, I trust google ( although their response to this could change that ). Hell, I trust MS here too, to a limited extent.

Re:Trust (4, Insightful)

Bieeanda (961632) | more than 4 years ago | (#25095663)

Yeah. While I reflexively rankle at the idea of blocking a whole swathe of domains like that, it's unfortunately clear that services like dyndns and mine.nu are going to be overrun with phishers and scammers because they're just as convenient to them as they are to non-malicious Internet users.

Re:Trust (4, Insightful)

calmofthestorm (1344385) | more than 4 years ago | (#25095895)

We need to educate users to check the URL before entering anything. Any time you rely on a technological solution to a social problem you end up with woes.

Re:Trust (5, Insightful)

santiagodraco (1254708) | more than 4 years ago | (#25096399)

It's just not going to happen. We like to think that "everyone" is capable of understanding what is going on when they browse the web, but that's wishful thinking.

It will be a LONG time until you can ever hope that the general public is as smart as the malicious few out there. Until then technology solutions will continue to be needed, desired and our best bet in combating this. Hell, they always will.

Re:Trust (1)

houghi (78078) | more than 4 years ago | (#25097293)

Although a great idea, it won't work. Even when you speak to each person individualy, they will not understand the danger unless they are either technicaly savy enough or if they have been abused in some way because of it. And even then they will most likely not care. They clicked on 10.000.000 links so the next one won't be so bad and they have a virus program, so they MUST be safe, right?

It is as if you try to explain to RMS that personal presentation is importand for many people.

Re:Trust (1)

calmofthestorm (1344385) | more than 4 years ago | (#25097367)

Maybe, but I'm still against the false sense of security these "anti-phishing" tools provide. And although I see it may be a necessary evil, it bugs me how many legitimate sites are going to be burned by this.

Re:Trust (1)

spazdor (902907) | more than 4 years ago | (#25096077)

My position is that dynamic DNS services have nothing to do with phishing and scamming. Since either way, the URL is phony, there's not much practical difference between running a fake hotmail site at http://h0tm4il.mine.ru/ [h0tm4il.mine.ru] rather than at http://24.64.197.48./ [64.197.48] There aren't many people out there who would be fooled by one but not the other.

Re:Trust (2, Funny)

caluml (551744) | more than 4 years ago | (#25096557)

Well, there's a pair of boobies [sedoparking.com] poking out at you on the mine.ru page.

Re:Trust (1)

hairyfeet (841228) | more than 4 years ago | (#25096127)

But what about legit sites? I don't mean these dynamic that could be nice one day and nasty the next either. I have noticed for the past week and a half or so Firefox has been screaming Freeware World Team is a malicious malware site. I have been using FWT for nearly a decade to find little niche freeware to fill jobs me or my customers needed done and never had so much as a piece of spyware. So maybe we should have more than one group comparing their notes to make up our anti phishing/anti malware lists? Because it seems like a false positive could really hurt a business,and could possibly even be used by a rival to cause real damage when their competitor is in bad shape. But as always this is my 02c,YMMV

Re:Trust (4, Insightful)

GIL_Dude (850471) | more than 4 years ago | (#25096189)

I don't know anything about the FWT site; it may be fine. However, do remember that just because a site is trustworthy over time doesn't mean it is trustworthy today , on this visit.

I just had that driven home for me the other day. In my off time, I am a youth soccer coach. The website for our league has been fine for several years. Last week I visited it and got the malware warning from FireFox. I checked with the webmaster and sure enough, they had gotten hit with a SQL injection attack and had indeed gotten malware of some sort hosted on the site.

So, FWT may be a false positive - but it is at leat possible that they also got successfully attacked.

We really don't have a good system to evaluate trust on the fly due to the dynamic nature of internet content. A page that was fine 20 minutes ago may attack you now.

Re:Good idea? (1)

Anonymous Brave Guy (457657) | more than 4 years ago | (#25096245)

Actually, giving a single company this kind of authority is usually not a bad idea. Spamhaus and email, for example.

I respectfully disagree. Giving a single, unaccountable group the effective power to completely kill some domain's e-mail is a bad idea, too. It's far too easy to game any one blacklist, and it's far too hard to get a domain that was added incorrectly (or that has been taken over by someone new who has no connection to the previous registrant) removed from the list again. I don't believe any sysadmin worth their salt filters based only on input from a single blacklist.

A Spamhaus Misunderstanding? (0)

Anonymous Coward | more than 4 years ago | (#25096317)

I believe that Spamhaus does not block anything. It reports opinions based on users' experiences and leaves it to individuals to make their own judgements and act accordingly

Re:Good idea? (0)

Anonymous Coward | more than 4 years ago | (#25096449)

I won't trust MS. In their IM client they block *.sytes.net and *download.php, and they have been doing it for a year. Why will this be different?

Re:Good idea? (1)

satmd (1265572) | more than 4 years ago | (#25097219)

Yeah, and spamhaus is a good example how to do things. But in reality, spamhaus has listed innocent hosts in the past AND wants a fee to delist them regardless the ban was unreasoned in the first place. Way to go.

Misleading desciption (0)

Anonymous Coward | more than 4 years ago | (#25095583)

"...giving one company the power to block any site that it wishes at the browser level never seemed like a good idea."

How exactly would assigning maintenance of anti-phishing lists to different organizations avoid a problem like this?

Isn't the implication that Google is intentionally blocking these innocuous subdomains (which share the same domain as phishing sites) just a tad disingenuous?

Re:Misleading desciption (1)

caramelcarrot (778148) | more than 4 years ago | (#25095779)

It's not just Google, MSN has been blocking my mine.nu address for ages. In order to send it to people I have to stick a space in. Unless Microsoft and Google use similar lists? Also, I noticed this today as I tried to work out why a website hosted locally was refusing to load javascript - turns out that the file was referenced by my mine.nu address and firefox was blocking it.

Re:Misleading desciption (1, Informative)

Anonymous Coward | more than 4 years ago | (#25095833)

If you had different organizations, and a final list decided on majority, then it would be impossible for one single company to intentionally block anything.

Re:Misleading desciption (2, Interesting)

HobophobE (101209) | more than 4 years ago | (#25097071)

Having a distributed system where individuals are responsible for rating resources (other individuals, websites, basically _anything_ with a unique ID or URI) would go a long way not just to combat phishing and malware, but other sorts of scams, trolls, etc. I call that system a "reputation system."

We need a system where I can rate a site as vapid (ie, experts-exchange is a waste of my time in search results) and then people who choose to subscribe to my ratings will see those sites may not be worth their time.

The key is to make it extensible such that it can encompass the internet at large and even things in real life like menu items in restaurants.

It's one thing to get feedback about something from one or a handful of people. It is more valuable to have a large graph of opinions which you can prune at will to give you the best information available.

I'm not sure how this is a goof (0)

Anonymous Coward | more than 4 years ago | (#25095585)

Let's presume that I used my domain to provide subdomains for free. Lets also presume that I or one of my free subdomains did some phishing. It's not out of the ordinary for a network administrator to ban an entire domain to help secure his network. Do you know how much work it would be to go through a site with tons of subdomains to cherry pick which ones are malicious and which ones are not? What if the admin can't even get a list of the subdomains? What if the site has 10k subdomains? It's easier (and usually safer) to "deny all, allow some" than to spend your entire day finding every malicious website and blocking it by hand.

Then, someone can come along who is a user of the network with the blacklist and complain to the network administrator. The administrator can fix the problem by unbanning a specific subdomain if they choose to.

Isn't this just general network administration? I see it as a non story.

Re:I'm not sure how this is a goof (1)

ScrewMaster (602015) | more than 4 years ago | (#25095647)

It's only an issue because of the scale of the problem. There's a difference between administration of an internal corporate or personal network, and something that affects untold millions of users worldwide. If Google's anti-phishing efforts begin to accrue too much collateral damage, then one will need to reconsider how practical it is. The same applies to real-time black-hole lists for email for that matter: some of them get too damned aggressive as well.

Re:I'm not sure how this is a goof (2, Interesting)

caramelcarrot (778148) | more than 4 years ago | (#25095803)

Presumably if Google thinks some subdomains are malicious, they actually know which ones are in fact malicious? Owing to the fact that they found them in the first place? I'm wondering if the reason they just blocked the entire domain was because some attackers are just registering lots of subdomains as a fast-flux method.

Re:I'm not sure how this is a goof (1)

turbidostato (878842) | more than 4 years ago | (#25095873)

"It's not out of the ordinary for a network administrator to ban an entire domain to help secure his network."

Yes. I think this has a lot to do with Sturgeon's law: network administrators are not an exception for the 90% law.

Re:I'm not sure how this is a goof (2, Informative)

Anonymous Coward | more than 4 years ago | (#25095907)

Some years back "general network administration" made it impossible for me to see mail that came from Asia. That caused huge problems for me. The fuckwit that did this made the same argument you just did. If you are going to accept that sort of power you should learn the maxim "first, do no harm."

Re:I'm not sure how this is a goof (1)

silanea (1241518) | more than 4 years ago | (#25096235)

Why was this modded down? "Do no harm" actually is the first thing we teach our fledgling admins.

That something is "not out of the ordinary" does not automatically mean it isn't utter bollocks. Indiscriminate blocks are stupid in most cases. If a domain didn't cause trouble, it shouldn't be added to such a generic blacklist. That's just as stupid as blocking dynamic IPs from sending mail - the problem does not lie in the IP but in the mail, so the answer is to fix the mail system.

Re:I'm not sure how this is a goof (1)

Anonymous Brave Guy (457657) | more than 4 years ago | (#25096357)

Exactly. If blocking and accepting collateral damage is to be your policy, where do you stop? Blocking whole countries? Whole ISPs? Filtering all content using protocols like Usenet or BitTorrent because some of it is probably inappropriate?

Re:I'm not sure how this is a goof (1)

HJED (1304957) | more than 4 years ago | (#25096661)

Hotmaill did start rejecting all mail from the ISP I use (a very big one in AU).
but they have stooped now

Re:I'm not sure how this is a goof (1)

Anonymous Brave Guy (457657) | more than 4 years ago | (#25097345)

IME, Hotmail seems to reject almost all mail from anyone who isn't already whitelisted. Certainly every local group where I help with the IT and my own personal e-mails all get rejected by default, and the sources for those span a whole range of different ISPs and domains.

In some organisations I help, we became so bored of explaining to people with Hotmail accounts that we did send the information they asked for and it's probably in their junk e-mail store that we simply adopted a policy that if someone is stupid enough to use a mail host like Hotmail, that was their problem. We also redirect incoming mail to /dev/null if it tries to tell us we should adopt whatever non-standard, half-baked domain authentication standard the sender's personal ISP is stupid enough to filter on.

I used to feel bad about this: after all, I volunteer to help these organisations, which in turn provide various information to others, for the benefit of the community. It's a shame that some people in that community now lose out. I don't feel so bad these days, though: I just consider services like Hotmail to be broken, and choose to spend my volunteered, uncompensated time on helping those who don't make it difficult for me to do so.

Get a real domain then. (4, Insightful)

Restil (31903) | more than 4 years ago | (#25095625)

Granted, I can see there are opportunities for abuse here, but if the owners of dynamic dns domains don't properly police their "customers" and spammers and/or other malicious websites start using it, then Google has every right to blacklist the entire domain. Of course, it's arguable exactly how much can be done to prevent it, but if you're really concerned about not getting your site blocked, go ahead and blow the $7 a year on your own domain, or use a smaller ddns service that can actually pay attention to the nature of the hosts it's serving.

As far as having any one third party responsible for maintaining a blacklist, exactly how else do you intend to do it? You can always create your own blacklist, but that would first require you to "enjoy" the sites you would prefer get blocked automatically. You'll just have to trust someone to make that reasonable decision for you. Sure, there will be some mistakes, but that's the price you pay for protection.

-Restil

Re:Get a real domain then. (3, Interesting)

ccguy (1116865) | more than 4 years ago | (#25095865)

Granted, I can see there are opportunities for abuse here, but if the owners of dynamic dns domains don't properly police their "customers" and spammers and/or other malicious websites start using it, then Google has every right to blacklist the entire domain.

Countries have been banned from sites, email, IRC channels and so on with this argument.

Just so you know, some ISPs have defacto monopolies in their countries, and everyone there get the same domain. Any idiot that say 'let ban *.il, or *.es, because I got 10 spam messages from there' should be fired on the spot.

In fact, if he works at google whoever hired him should be fired, too.

Re:Get a real domain then. (4, Informative)

caluml (551744) | more than 4 years ago | (#25096651)

Sorry dude. I block whole netblocks that I/we don't have any business with, and that fill up my logs with annoying connection attempts, and portscans, etc. I'll show you my method for blocking about 80% of probes, scans, password guessing bots, etc:

# wget -o /dev/null -O - http://www.iana.org/assignments/ipv4-address-space/ | grep whois.apnic.net | grep ALLOCATED | cut -d " " -f 1 | xargs
# need to add in .0.0.0 though
for asia in 58.0.0.0/8 59.0.0.0/8 60.0.0.0/8 61.0.0.0/8 112.0.0.0/8 113.0.0.0/8 114.0.0.0/8 115.0.0.0/8 116.0.0.0/8 117.0.0.0/8 118.0.0.0/8 119.0.0.0/8 120.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 126.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 211.0.0.0/8 218.0.0.0/8 219.0.0.0/8 220.0.0.0/8 221.0.0.0/8 222.0.0.0/8
do
$fw -A INPUT -s $asia -j DROP
done

I don't get why you are getting annoyed that I (and probably many others) do things like this?

Re:Get a real domain then. (1)

ccguy (1116865) | more than 4 years ago | (#25096731)

I block whole netblocks that I/we don't have any business with,

Until you happen to admin a major mail provider I couldn't care less.

People never learn (0)

Anonymous Coward | more than 4 years ago | (#25095947)

This is history repeating itself. At first, blacklists seem like a good idea, they gain a following and become more influential. With rising influence they draw the attention of their enemies. The black lists either become overloaded with evasive maneuvers or accept increasing amounts of collateral damage, either as a form of kin liability or simply as a time-saving broad brush. It's not a simple mistake which can be avoided with better care. It's inevitability. All blacklists do it. Blacklists are an inherently bad idea.

Re:Get a real domain then. (0)

Anonymous Coward | more than 4 years ago | (#25097017)

Would you recommend a subdomain issued by a reputable registry like Verisign or would you go straight for a domain issued by the root registry?

Split it off (1)

pembo13 (770295) | more than 4 years ago | (#25095627)

If people thing this is a useful service, split it off, or ask someone like Spamhaus to do it,and add it some more checks and balances.

Better yet, release the code to the web service, and allow any sysadmin to host the server side portion themselves, of course with the ability to update from a central list, and accept 0% - 100% of a given list as they see fit.

Block can't be bypassed... (1)

GravityStar (1209738) | more than 4 years ago | (#25095661)

Great, if the blocked site makes use of frames, you just can't bypass the warning. And there's no way to permanently unblock a site...

<sarcasm>I feel safer already</sarcasm>

Re:Block can't be bypassed... (0)

Anonymous Coward | more than 4 years ago | (#25095765)

Sure you can remove it, just go to Tools -> Settings -> Security and turn off the "Warnings" about malicious sites. It'll let you through.

I hate that Google can do this (4, Informative)

Anonymous Coward | more than 4 years ago | (#25095677)

In my mind giving this power to Google is the most objectionable thing related to the company. I know somebody who has had his legitimate business ruined because Google mistakenly added his site to this list. Why? Because it was hosted on the same physical server as a truly objectionable web site.

People need to stop childishly sneering at Windows users and take their focus away from Microsoft. The terrible Goliath is clearly Google now. Even when it's not being evil it causes trouble just by being *clumsy*.

Re:I hate that Google can do this (3, Insightful)

Ash-Fox (726320) | more than 4 years ago | (#25095743)

Because it was hosted on the same physical server as a truly objectionable web site.

Google doesn't filter based on IP addresses, but hostnames and URLs.

The terrible Goliath is clearly Google now. Even when it's not being evil it causes trouble just by being *clumsy*.

If you don't like it, don't use it. It's not like you don't have any alternatives.

Re:I hate that Google can do this (4, Insightful)

Anonymous Coward | more than 4 years ago | (#25095781)

What? How can you misunderstand everything quite so much?

No, Google doesn't filter by IP address. But because the site was hosted on the same server as a bad site it added a URL block for the innocent too. Do you see?

Secondly, the issue isn't about me using Firefox/Google. It's about customers who did and were told that the site they had browsed to was malicious. The business lost a valuable customer this way and folded.

Re:I hate that Google can do this (1, Interesting)

Anonymous Coward | more than 4 years ago | (#25095863)

I am not a lawyer, so I should stop now, but I have to suggest that your friend talk to a lawyer regarding this matter. Google could potentially be liable for damages for libel.

Re:I hate that Google can do this (3, Insightful)

Ash-Fox (726320) | more than 4 years ago | (#25095905)

No, Google doesn't filter by IP address. But because the site was hosted on the same server as a bad site it added a URL block for the innocent too. Do you see?

Doesn't sound like a very professional business if it was using the same domain that the bad site was on. Considering one can get a .com for 6USD a year, there really is no excuse.

It's about customers who did and were told that the site they had browsed to was malicious. The business lost a valuable customer this way and folded.

This company obviously wasn't doing very well to begin with, or did things properly to begin with either - This is not surprising.

You are not going to convince me that they couldn't of done anything to change the outcome, even when they became aware of the situation.

What I do find interesting is the fact you claim Google did this, when the anti-phishing filter in the most popular browser, IE is ran by Microsoft. The most popular search engine is Yahoo! - which does not using any phishing data from Google.

Re:I hate that Google can do this (1, Informative)

Anonymous Coward | more than 4 years ago | (#25095931)

Doesn't sound like a very professional business if it was using the same domain that the bad site was on. Considering one can get a .com for 6USD a year, there really is no excuse.

I didn't say that! Why can't you understand *ANYTHING*? The site was hosted on the same *server* as a malicious site. The site had its own domain, it was just on a shared hosting machine that Google mistakenly judged to be a network of malicious sites.

Do you grasp this now?

Re:I hate that Google can do this (1)

QuoteMstr (55051) | more than 4 years ago | (#25096019)

But how can what you're saying be true if Google blocks by domain name, not IP address? Why would Google care whether your friend's site was on the same physical server if it doesn't look at IP addresses and your friend's site had its own domain?

Re:I hate that Google can do this (0)

Anonymous Coward | more than 4 years ago | (#25096379)

There's no contradiction here. Google blocks by domain but, for all you or I know, once Google has blocked one domain, it may automatically add other domains at the same IP address to its blacklist. Or perhaps they block all domains at an IP address if a sufficient proportion of known domains there are bad.

Why do you assume that the AC (not me, btw) is lying or mistaken?

Re:I hate that Google can do this (2, Informative)

Ash-Fox (726320) | more than 4 years ago | (#25096421)

I would assume the original AC is lying because Google's practices on filtering bad sites were disclosed long ago on http://www.stopbadware.org/ [stopbadware.org]

Re:I hate that Google can do this (1)

Ash-Fox (726320) | more than 4 years ago | (#25096025)

I didn't say that! Why can't you understand *ANYTHING*? The site was hosted on the same *server* as a malicious site. The site had its own domain, it was just on a shared hosting machine that Google mistakenly judged to be a network of malicious sites.

Google does not match by IP addresses and in this case, this would be the only way they could 'detect' the same site being used on the same machine.

Do you grasp this now?

No.

Re:I hate that Google can do this (0, Informative)

Anonymous Coward | more than 4 years ago | (#25096113)

This is ridiculous. Are all furries this stupid?

Here is the process, step by step:

1) Somebody at Google decided that a site hosted on a shared server run by a very small company was bad.
2) They added this bad site's URL to the block list.
3) The PERSON (not script—you keep using the word "matched" as if you think this is a script) at Google mistakenly believed the entire server to be a bad egg. Perhaps there were other malicious sites on there and he judged them all to be bad. Here is an example of a server with many bad sites on it: http://www.websiteoutlook.com/www.a-big-huge-giant-clits-hairy-wet-cunts.com (notice how websiteoutlook is able to tell that they are on the same server. This is NOT witchery, it's an easy thing to tell). Google clearly likes to take all of the sites down in one swoop.
4) Every site on the server was blacklisted by URL, including the innocent site.

DO YOU GET IT NOW

GO THE FUCK AWAY RETARD (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#25096143)

GO THE FUCK AWAY RETARD.

Re:I hate that Google can do this (1)

Ash-Fox (726320) | more than 4 years ago | (#25096227)

This is ridiculous. Are all furries this stupid?

A attack on my character, how sweet of you.

1) Somebody at Google decided that a site hosted on a shared server run by a very small company was bad.

Incorrect, a site was flagged by some users as being "bad".

2) They added this bad site's URL to the block list.

After Google confirms this, they would of added /A/ URL to the blocklist, be it some wildcard matching or such. Such as they did with mine.nu. where they blacklisted "http*://*.mine.nu/*" - Impossible to blacklist sites that do not have ".mine.nu/" in them.

3) The PERSON (not script--you keep using the word "matched" as if you think this is a script) at Google mistakenly believed the entire server to be a bad egg. Perhaps there were other malicious sites on there and he judged them all to be bad. Here is an example of a server with many bad sites on it: http://www.websiteoutlook.com/www.a-big-huge-giant-clits-hairy-wet-cunts.com [websiteoutlook.com] (notice how websiteoutlook is able to tell that they are on the same server. This is NOT witchery, it's an easy thing to tell). Google clearly likes to take all of the sites down in one swoop.

websiteoutlook.com is the domain, and yes, it's possible that Google filtered the domain. They do not however add filters to blacklist IP addresses. If this company did indeed have it's own site on it's own domain, this is not possible.

4) Every site on the server was blacklisted by URL, including the innocent site.

Again, they should of got their own domain. 6USD a year for a company is not going to break their budget, if it is, the company is dead already. Additionally, I do not believe when they became aware of the situation that they couldn't of done anything about it, such as.. Oh, I don't don't know.. Getting their own domain perhaps?

DO YOU GET IT NOW

I understand this company was extremely unprofessional because the examples you give me lead me to believe it did not truly have it's own domain. I also believe this company was not doing so well, since apparently it couldn't maintain business long enough to resolve the situation.

In fact, I even suspect that this whole business thing you came up with was a completely hypothetical situation that never occured.

Re:I hate that Google can do this (0)

Anonymous Coward | more than 4 years ago | (#25096321)

Unbelievable ignorance. You're the only person who can't follow what's going on here (see this message for somebody who CAN parse written information: http://tech.slashdot.org/comments.pl?sid=971047&cid=25096195). You should have stuck to your AC account to avoid embarrassment.

Re:I hate that Google can do this (1)

Ash-Fox (726320) | more than 4 years ago | (#25096373)

Unbelievable ignorance. You're the only person who can't follow what's going on here (see this message for somebody who CAN parse written information: http://tech.slashdot.org/comments.pl?sid=971047&cid=25096195 [slashdot.org] ).

Again, Google does not filter by IP addresses. Which, as the mentioned comment describes, is the only way for one to identify it being on the same machine. This does not invalidate anything I have said so far.

You should have stuck to your AC account to avoid embarrassment.

I suspect you knew you were wrong (perhaps even lying) from the beginning and why you remain as such.

Re:I hate that Google can do this (-1, Troll)

SadSoupDragon (895258) | more than 4 years ago | (#25096513)

You've learned the term "IP address" and you're trying to apply it to everything. You're right, Google does not filter by IP address. This is not what I or anybody else has claimed. Go back, read through properly and fill in the gaps. There are now yet more individuals posting to tell you that you don't understand this. If you need a pen and paper to work it out I'll be happy to supply you with one. Don't draw a naked wolf giving a blowjob to a horse please, furry.

Re:I hate that Google can do this (1, Redundant)

Ash-Fox (726320) | more than 4 years ago | (#25096603)

You've learned the term "IP address" and you're trying to apply it to everything. You're right, Google does not filter by IP address. This is not what I or anybody else has claimed. Go back, read through properly and fill in the gaps. There are now yet more individuals posting to tell you that you don't understand this.

I don't take any credence from a brand new Slashdot account. I know it's you, Mr. AC.

Don't draw a naked wolf giving a blowjob to a horse please, furry.

http://d.furaffinity.net/art/pinkuh/1190102989.pinkuh_cerisepony01.jpg - Oops, too late :(

Re:I hate that Google can do this (-1, Troll)

SadSoupDragon (895258) | more than 4 years ago | (#25096663)

It's not a brand new account, and I wasn't hiding the fact that I was the AC! I signed in because the enforced delay between AC posts was massive. Turns out that this account isn't brand new, but almost a year old. Are you capable of saying anything that is in any way correct? You've embarrassed yourself on so many levels. It's brilliant. Not that your kind has any dignity. I'm just going to go now and leave you to making yourself look foolish on your own merits. Have a nice day.

Re:I hate that Google can do this (0, Offtopic)

Ash-Fox (726320) | more than 4 years ago | (#25096877)

It's not a brand new account

No posts on the account, everyone on Slashdot is going to consider it brand new. Except perhaps for some possible next slur of posts by you.

You've embarrassed yourself on so many levels. It's brilliant.

And yet you tell me this, as if, you're trying to make this happen, but hasn't happened.

Not that your kind has any dignity.

Here you go again with your character assassination. Rather than debating the subject, you would rather go rampage on about how I apparently "embarrassed" myself by getting modded up to +5 Karma on two posts.

I'm just going to go now and leave you to making yourself look foolish on your own merits.

You are the one who is doing character assassination instead of coming up with a logical argument that cannot be refuted. I think you need to look in the mirror.

Perhaps you should of done some more research into believable argument - something that didn't rely on a low percentage of web users that use Firefox (only browser I'm aware of that uses Google's phishing lists) and the fact that Yahoo (doesn't use Google's phishing list) and Google are pretty much on par with each other for user usage.

Additionally not taking into account that the company in question could of reported a false positive and the fact that Google does not filter websites or match websites based on IP addresses.

I would like to point out that, since you insist there was IP matching, I have to wonder what kind of business this was, since obviously HTTPS is specific to IP addresses and a specific domain, they couldn't of had a HTTPS site since you suggest it was the same IP address and there were other sites on the same machine.

This "company" sounds really shady.

Re:I hate that Google can do this (1)

hobbit (5915) | more than 4 years ago | (#25096871)

You really are an idiot, aren't you?

1) Go to http://www.websiteoutlook.com/www.a-big-huge-giant-clits-hairy-wet-cunts.com [websiteoutlook.com]
2) Observe text which says "Other Site On 63.243.140.77"
3) There is no step 3. Oh alright I'll spell it out for you because you're obviously not the sharpest tool in the box: 63.243.140.77 is what we in the trade call an IP address.

Re:I hate that Google can do this (0)

Anonymous Coward | more than 4 years ago | (#25096519)

go back to yiffing in hell, furfag

Re:I hate that Google can do this (1)

NothingMore (943591) | more than 4 years ago | (#25096743)

Do you not understand what the OP was trying to say. HE KNOWS THEY DO NOT BLOCK BY IP ADDRESS IMPLICITLY. What he is saying is that because his friends website was hosted on the same PHYSICAL MACHINE with the same IP ADDRESS as the bad site that it was blocked even though it had a different HOSTNAME. What the OP is claiming is something that could reasonably occur (i have no inside knowledge on exactly how google does its filtering, but its not unfeasible for it to remember ip address;s and ban other host on the same ip [but different hostname]).

Re:I hate that Google can do this (0)

Anonymous Coward | more than 4 years ago | (#25096853)

Stop being such an asshole. You know what he means. Don't lead him on.

Re:I hate that Google can do this (0, Offtopic)

Ash-Fox (726320) | more than 4 years ago | (#25096929)

Stop being such an asshole. You know what he means. Don't lead him on.

Ah, I like this trick. By posting earlier in the thread it looks like I'm leading on the person. Nice character assassination.

Moderators, I should caution you to look at the time of each post.

Re:I hate that Google can do this (0)

Anonymous Coward | more than 4 years ago | (#25096101)

You are a moron for not even reading what this guy wrote.

Re:I hate that Google can do this (1, Interesting)

Anonymous Coward | more than 4 years ago | (#25095969)

No, Google doesn't filter by IP address. But because the site was hosted on the same server as a bad site it added a URL block for the innocent too. Do you see?

I don't see. How would Google determine that two sites with different domains are hosted on the same physical server, if not by IP number?

Re:I hate that Google can do this (0)

Anonymous Coward | more than 4 years ago | (#25096173)

Since google is clearly evil, they might have used some evil magic here...

Re:I hate that Google can do this (1)

mixmatch (957776) | more than 4 years ago | (#25096195)

On a shared host it is not uncommon to have multiple domain names resolving to the same IP Address. Most web servers, like Apache, can be configured to run multiple domains. Many hosts will not give you a unique IP unless you pay extra or buy space on some variant of dedicated servers. Yahoo's [yahoo.com] hosting service, for example, does not appear to advertise a unique IP. Reseller hosting is pretty much guaranteed not to give you a unique IP.

Regardless of whether the IPs were unique however, Google could still tie them together based on DNS Servers or IP address blocks owned by the host. If they are blocking an entire sub-domain service, I would not be surprised to see them block a web-hosting service that was not aggressive enough about shutting down spamming clients.

Re:I hate that Google can do this (1)

Annymouse Cowherd (1037080) | more than 4 years ago | (#25097267)

Slashdot is being clumsy, not Google. Dynamic DNS sites are usually pointed at home servers. These were linked to from the front page of Slashdot. Carnage ensued.

first time (5, Interesting)

Toveling (834894) | more than 4 years ago | (#25095681)

This is the first time we've heard about Google (or any others) making a bad block. As long as Google fixes this expediently, I'd say that it's an acceptable margin of error and the amount of phishing sites blocked is by far worth it. Now, if wikileaks suddenly gets blocked for 'phishing', something is definitely awry.

Re:first time (1)

Smallpond (221300) | more than 4 years ago | (#25096575)

What makes you think that Google will change their minds? They have automated the collection of information.

Google information for jumpbump.mine.nu:
"Of the 4329 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/21/2008, and suspicious content was never found on this site within the past 90 days.

Malicious software includes 7523 scripting exploit(s), 2911 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine."

So Google already knows that this site is not hosting malware, but blocks it anyway.

Re:first time (1)

vasko (168613) | more than 4 years ago | (#25096725)

Couple weeks ago they blocked icasualties.org [icasualties.org] for a few days.

Not google's fault (1, Insightful)

ninjapiratemonkey (968710) | more than 4 years ago | (#25095685)

The summary reads as though it was google's fault that the entire domain was blacklisted, while it's more of a mozilla issue. Mozilla releases this list of "Attack Sites" and Google Search automatically blocks them. Even if I get to the site without google, FF3 still lists it as dangerous, and warns me.
If anyone should receive blame (which IMO they shouldn't), it's Mozilla and their blacklist.

Re:Not google's fault (5, Informative)

Anonymous Coward | more than 4 years ago | (#25095817)

Um, no. The list is supplied by Google. When Firefox blocks a site, press the 'Why was this site blocked?' button to see Google's warning about it (http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://mine.nu/ [google.com] in this case).

Report Incorrect Forgery Alert (1)

zidane2k1 (971794) | more than 4 years ago | (#25095733)

I dunno how much good it could do, but I suppose people could do the "Report Incorrect Forgery Alert [google.com] " thing. I'd think it really would be better if they individually added the malicious subdomains individually, rather than blocking the entire domain, which (I'd guess) contains legitimate, or at least non-harmful, sites as a majority.

(Oh, and btw, here's Google's Safe Browsing report for mine.nu [google.com] .)

Everybody makes mistakes, false positives (5, Insightful)

Mr. Gus (58458) | more than 4 years ago | (#25095749)

Any maintained blacklist of any reasonable size is going to end up with false positives. It's one of those things you just have to accept. People notice and report it, the entry gets removed, and we move on.

Re:Everybody makes mistakes, false positives (2, Informative)

fxkr (1343139) | more than 4 years ago | (#25096409)

Any maintained blacklist of any reasonable size is going to end up with false positives. It's one of those things you just have to accept. People notice and report it, the entry gets removed, and we move on.

*If* the entry gets removed.

Re:Everybody makes mistakes, false positives (1)

bornwaysouth (1138751) | more than 4 years ago | (#25096695)

I would agree. You have to accept false positives. Humans carefully checking stuff are too slow. The Sapphire Worm doubled in size every 8.5 seconds. See this [caida.org] . Phishing is going to be slower, but I do not want to rely on a bureaucratic check-with-my-lawyer system.

One key point is the .nu in the address - Niue. Anyone running anything important out of Niue is essentially registered with www.cowboysandsharks.com. Enjoy the freedom if you are using it, but don't complain about the company you keep. Don't expect the Niue islanders to help. The place is a tiny island in the South Pacific, with about 1500 people (Wikipedia). Selling internet addresses is a cheap income source. They lack resources to police it.

Remote monitoring possibilities (0, Troll)

fph il quozientatore (971015) | more than 4 years ago | (#25095881)

Actually, it is even more scary than this. Have a look at the protocol [google.com] : here's how it works:

1- Firefox automatically downloads a list of 32-bit hashes of "dangerous" addresses
2- when the user browses on a site matching one of these hashes, Firefox sends a request to Google for a 256-bit version of the same hash
3- does the site match the 256-bit hash? If yes, warn user; if not, continue silently.

Convinced? Well, here's how it really works:

1- <insert name here> tells Google to monitor www.terrorist.com
2- Google adds the 32-bit hash of www.terrorist.com to the list
3- when the browser sends a request for the 256-bit hash of www.terrorist.com, Google replies with a hash that does not match www.terrorist.com
4- the user notices nothing strange and continues browsing
5- Google sends <insert name here> a list of all the people browsing on www.terrorist.com, identified through cookies (including their GMail password).

Please forget the usual "??? - Profit!" jokes, and go warn the Firefox developers.

Re:Remote monitoring possibilities (1)

volsung (378) | more than 4 years ago | (#25095999)

You make quite a leap in step #5. There is no indication that Firefox sends any of the current browser cookies to Google in step #3. Google could certainly log IP addresses in step #3, which is the real privacy issue here.

Re:Remote monitoring possibilities (1)

fph il quozientatore (971015) | more than 4 years ago | (#25097027)

There is no indication that Firefox sends any of the current browser cookies to Google in step #3

Evidence is here [google.com] (section 3.7.1):

The client performs a datarequest by sending an HTTP POST request to the URI:

and here [ietf.org] (section 4.3.4):

When it sends a request to an origin server, the user agent sends a Cookie request header to the origin server if it has cookies that are applicable to the request

Re:Remote monitoring possibilities (0)

Anonymous Coward | more than 4 years ago | (#25097235)

There is no indication that Firefox sends any of the current browser cookies to Google in step #3.

Actually, they do (see bug 368255 [mozilla.org] ).

Google could certainly log IP addresses in step #3, which is the real privacy issue here.

According to http://code.google.com/apis/safebrowsing/firefox3_privacy.html [google.com] , they're logged and kept for two weeks.

Re:Remote monitoring possibilities (1)

volsung (378) | more than 4 years ago | (#25097291)

Wow, ok, I stand corrected. Building the protocol around cookie transmission is a very bad idea. Hopefully that bug gets taken seriously.

Re:Remote monitoring possibilities (0)

Anonymous Coward | more than 4 years ago | (#25097101)

Your www.terrorist.com example does not work very well.

Firstly, the downloaded list of dangerous sites contains only partial hashes. This means there are collisions. That's why the browser requests a full hash. So in step 3, all that Google can determine is that someone has visited www.terrorist.com or another site that has the same partial hash.

Furthermore, Firefox frustrates any such monitoring by sending not only the partial hash of the site you visited but also a few other nearby hashes from the dangerous sites list (see bug 419117 [mozilla.org] for details).

Finally, any such monitoring properly violates the privacy policy [google.com] .

Anti-Phishing makes Firefox slow (4, Interesting)

Anders (395) | more than 4 years ago | (#25095929)

Note that the anti-phishing feature makes Firefox slow [opensuse.org] over time.

Everything Makes FF 'Slow Over Time' (0)

Anonymous Coward | more than 4 years ago | (#25096191)

That's why huge numbers of people have and are dumping it for Chrome.

Firefox is an gigantic mess of a codebase that is years overdue for having a complete rewrite from scratch. Or even better just dump the shitpile that is the Firefox source and fork off a version of Chrome.

This was a dumb idea anyway (4, Interesting)

CSMatt (1175471) | more than 4 years ago | (#25095949)

Putting anti-phishing filters into browsers just shifts the responsibility of good security practices from the user to some blacklisting company. What incentive is there to be weary about suspicious sites if you can count on the almighty Google to hold your hand while you browse the Web? This makes about as much sense as someone installing parental controls in their machine and declaring that their Internet connection is now "kid-friendly."

I've never had these filters turned on, and I've never exposed my financial data to others by accident. Usually this has something to do with me hovering the mouse over links and checking the URL in the status bar.

Some pain needs to be applied (4, Interesting)

Animats (122034) | more than 4 years ago | (#25095965)

If you're serious about blocking phishing sites, you have to accept some collateral damage. Blocking by URL stopped working last year; most attacks have unique URLs now. Many have unique subdomains. So you have to block at the second-level domain level to be effective.

We publish a list of major domains being exploited by phishing scams. [sitetruth.com] Today, there are 46 domains listed. eBay, for example, is on the list, because eBay has an open redirector exploit. [ebay.com] Click on that URL. It says "ebay.com", right? It looks like eBay, right? It's not.

On the other hand, "tinyurl.com", which used to be popular with phishers, has been able to get off the blacklist by cracking down on misuse of their service. It's possible to do redirection competently.

When we started our list last year, it had about 175 exploited domains. After some serious nagging and an article in The Register, we're down to 46. And only 11 have been on the list for more than three months; the others come and go as exploits are reported and holes plugged. So this is a problem that can be solved.

I'm glad to see Google taking a hard line on this. It's necessary that sites that do redirection feel the pain when they accept redirects to hostile sites. Google can apply much more pain that we can. Few sites will want to be on Google's blacklist for long.

Re:Some pain needs to be applied (0)

Anonymous Coward | more than 4 years ago | (#25096565)

Wow. I didn't know you could use hex notation for numerical IP addresses.

Parent's link redirects you to the site 0xc924a44, which is 12.146.74.68.

For example, http://0xd822b52d/ [0xd822b52d] is goatse. J/k. It's slashdot. You can trust me!

Firefox's anti-* shouldn't be enabled by default (4, Interesting)

TheDarkener (198348) | more than 4 years ago | (#25095997)

This is something that strikes me as the first time Firefox really pushed something out by default that shouldn't be. Just for one example, people who are on LTSP networks, say, 200 users, will ALL download anti-phishing, anti-malware blacklists from Google, each in their own home directory. There's no way that I know of, anyway, to share this data - SQLite seems to make it impossible. That's the first mistake in creating a compatible, light web browser.

The second mistake is enabling website blocking based on 3rd party blacklists by default. This is basically Microsoft UI thinking - "You *need* this because you don't know any better." Screw that. I mean, make it a checkbox on setup - "Use Google-provided anti-malware blacklists" Simple as that. I spent weeks trying to find out why, after just a few Firefox instances were launched on an LTSP server, none more would load - part of this was because every user logging in was trying to download the anti-malware stuff from Google, saturating the line, and preventing Firefox from loading for the first time.

I hope the Firefox devs will take all scenarios into account when making changes. It seems lame that every user needs all of the stuff in places.sqlite. And even if you argue with that, at the LEAST make it cross-DB compatible, so you can put everyone's in a nice big central MySQL database.

LOL (-1, Troll)

TheNetAvenger (624455) | more than 4 years ago | (#25096097)

This is where the Firefox/Google fans realize that MS will end up winning again, this time by being the 'good guy'...

Re:LOL (1)

VGPowerlord (621254) | more than 4 years ago | (#25096159)

Except that none of us use IE, so they could very well block the same domains in IE7's phishing filter and we'd never know it.

Re:LOL (1)

Jaktar (975138) | more than 4 years ago | (#25096533)

Except that none of us use IE, so they could very well block the same domains in IE7's phishing filter and we'd never know it.

While you may not use IE, some of us do. Just use the right tool for the right job.

Case and point: My online college coursework sometimes disappears if submitted using FF3. Using IE8 beta does not (and it worked fine under IE7 as well).

Yet another case and point: Flash videos under Ubuntu 8.04 with FF3 crash the browser every 4th video. FF3 under windows works without a hitch.

Re:LOL (0)

Anonymous Coward | more than 4 years ago | (#25096219)

LOL: Dear asshole wishful thinking is not a good replacement for reality.

Re:LOL (0)

Anonymous Coward | more than 4 years ago | (#25096289)

Nice trolling here. The "anti phishing" option in IE7 slows down your surfing considerably, which is why most of our users (freemail service) disable it so they don't have to wait 10-40 sek. to log out of the webmailer (IE7 does not complete the logout until the URL has been "confirmed" being "good", which sadly takes "ages" even via DSL, let alone dialup...). MS keeps its own blacklist and it is naturally just a matter of time until they have bad entries there, too. Apart from that, who'd really trust MS to tell their browser what's good and what's bad? [4realz.net]

Never ascribe to malice ... (3, Insightful)

RAMMS+EIN (578166) | more than 4 years ago | (#25096119)

Never ascribe to malice what can be equally ascribed to incompetence.

The corollary of this is, of course, that you should still be wary of single points of failure, even if you do not believe they will fail you on purpose.

not only mine.nu (1)

PaKud (1368751) | more than 4 years ago | (#25096295)

anything within shacknet.nu subdomain - also provided for free by dyndns.com - got blacklisted as well.

Oh no, someone made a mistake! (2, Insightful)

lattyware (934246) | more than 4 years ago | (#25096301)

Shit happens. Yes, it sucks, but it happens. Now, should we try to blow up the googleplex? No. Google are not blocking based on a secret agenda here, and you can bypass it or turn off the feature. OK, it'd be nice if you could choose who provides the service, but overall, it's not that big a deal.

Blocking themselves? (0)

Anonymous Coward | more than 4 years ago | (#25096327)

Whats about blocking Google, with their search users can be found malicious websites

this is where the line has been crossed (0)

Anonymous Coward | more than 4 years ago | (#25096567)

Google search, email. advertising, mapping, etc., etc., and now self appointed non-reviewed internet police department.

Uhm, that's a bad scene folks.

Why was this blocked? (3, Informative)

LingNoi (1066278) | more than 4 years ago | (#25096691)

Safe Browsing
Diagnostic page for mine.nu/

What is the current listing status for mine.nu/?

        Site is listed as suspicious - visiting this web site may harm your computer.

        Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?

        Of the 4329 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/21/2008, and suspicious content was never found on this site within the past 90 days.

        Malicious software includes 7523 scripting exploit(s), 2911 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine.

Has this site acted as an intermediary resulting in further distribution of malware?

        Over the past 90 days, mine.nu/ appeared to function as an intermediary for the infection of 183 site(s) including culportal.info, mipt.ru, baikal-discovery.ru.

Has this site hosted malware?

        Yes, this site has hosted malicious software over the past 90 days. It infected 932 domain(s), including bernard-becker.com, mipt.ru, dhammasara.com.

How did this happen?

        In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

        * Return to the previous page.
        * If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Worst Slashdot Story Ever? (1)

kayditty (641006) | more than 4 years ago | (#25096873)

The summary is terrible. It doesn't provide any information whatsoever, and makes a lot of claims that I'm apparently to take at face value. There's not even an article. Okay, that's not exactly new for Slashdot posts. Whatever. It took me several re-reads to figure out what the hell they were even talking about -- what the fuck does Slashdot have to do with Google? After sifting through the comments, I'm _guessing_ it has something to do with the new anti-phishing protections in Firefox 3 (and maybe they exist in Firefox 2 as well; I can't be bothered to check). But where the fuck does Google come in? No one even bothers to tell you, and apparently it's expected to be common knowledge (no one else has even asked).

I have seen those stupid Google warning pages that I get when I try to visit a page it has "blocked" for "my safety," which is completely and utterly fucking ridiculous. If I didn't want to click on a god damn motherfucking page, I wouldn't click on it. That's one of the reasons I'm about to stop using Google. I don't need a fucking search engine to hold my hand. That's also the reason I've turned off anti-phishing in Firefox whenever I've seen the option, because I'm not a complete fucking idiot. So I'm going to make a WILD conclusion that Google is sharing this list with Firefox. One post suggested that a hash of an IP address and/or hostname was sent to Google to check against their list. If that's the case, then that's even more ridiculous than I had ever suspected.

Both Firefox and Google can fuck off. They're both shit by now anyway.

Re:Worst Slashdot Story Ever? (1)

LingNoi (1066278) | more than 4 years ago | (#25097363)

Saved me today. I visited a web page that some how turned off windows firewall before Firefox kicked in and blocked the page. First time something like that has ever happened to me, normally because I am using no-script on Linux.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>