The Google blacklist
Thursday January 25, 2007 at 11:53 am CST
Posted by Francois Paget
Used by anti-phishing technology, a list of suspicious URLs is maintained by Google and publicly available on the Internet. It is the Google blacklist: http://sb.google.com/safebrowsing/update?version=goog-black-url:1:-1
On his blog, Michael Sutton who analyzed this link, explains it is used by the Google Safe Browsing for Firefox extension which is now part of the Google Toolbar for Firefox.
On January 5th, the Register announced that this public list contained confidential information like peoples’ usernames, passwords or session tokens. They wrote the problem had been corrected. Last Monday an Internet security firm reconfirmed the problem they first discovered on the 3rd of January.
As I am interested in identity theft risks, I played with my favorite Internet search engine. Unfortunately it was not difficult to find copies of some lists that were spread before Google removed the offending data.
Online we are more and more requested to enter our personal data. One day we make an error and inadvertently some of our sensitive information can be stored or even sent to a hacker and perhaps used by him. This post demonstrates that this data can easily become publicly available on the Internet. All the more reason to be vigilant.
January 29th, 2007 at 02:19
If I am correct this issue was first reported in Full Disclosure mailing list by Rajesh Sethumadhavan of xdisclose.com in Jan 02, 2007.
Here is the link,
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051549.html
( If this is true , other claims saying they discovered it on Jan 03rd is false ! )
February 1st, 2007 at 13:51
Sutton’s analysis was the first to point out the privacy issues.
February 5th, 2007 at 21:16
http://www.finjan.com/Pressrelease.aspx?PressLan=1230&id=1261&lan=3