Re: [squid-users] Google Safe Browsing API - Integration with squid?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 25 Jun 2007 00:08:25 +0200

sön 2007-06-24 klockan 23:49 +0200 skrev Andreas Pettersson:

> I'm not sure I follow you here..
> If phisher has control of evil.com he could send out send out unique
> urls in each and every spam, all pointing to the same physical host.
> Sure, MD5 hashes is efficient, but the number of possible urls is nearly
> unlimited. It would be much easier to list the host instead.

And the Google SafeBrowsing lookup algorithm allows just that.. It's not
just an MD5 of the complete URL. The URL is processed in many steps of
varying granularity, each producing an MD5 to look up in the blacklist.

http://code.google.com/apis/safebrowsing/developers_guide.html#PerformingLookups

Note: In the worst case there is 5 * 6 = 30 different lookups per URL.
Normally less than 10 however.

Regards
Henrik

Received on Sun Jun 24 2007 - 16:08:30 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT