richcon said:
Cog3125:
I imagine your concerns are probably why Google won't allow browsers to display a malware or phishing notice if their blacklist is more than 30 minutes out of date. Just because a site was hacked 40 minutes ago doesn't mean it's still hacked now.
Now, hopefully Google does a good job clearing sites once they go away or malware is removed.
Actually, that last line is more my primary concern: I do get why the system won't bother to use an outdated list, but the high-level descriptions of anti-phishing mechanisms leave unclear how sites are identified as phishing sites, and how they can be subsequently "cleared."
My dubiousness about the defense mechanism lies both in how quickly a hacked site can be identified (window of opportunity for the hacker before discovery) and how/whether older addresses can ever be removed even though the addresses are no longer being used by phishers (I mean, who hasn't encountered obsolete links in a search engine?) How much database space will need to be allocated to this, say, a few years down the road? How big will local cache files need to become? Will remote server response times eventually become a drag even on broadband connections?
And of course, this is separate from the issue of hacked sites. I did read your earlier post about an invisible IFRAME being inserted into the content, and I agree that such hacks are problematic if they turn trusted sites into untrusted ones, but I'm talking here about the original sites which Google will store (the ones to which tricks like this expose the visitor). Surely if those sites become well known and therefore ineffective, phishers will compensate by moving to new ones. That's when I imagine the database levels starting to rise. It might be I just don't have enough background and I'm imagining a problem that won't come to pass, but it's not intuitively obvious that it won't.
On the topic of hacked sites, tho... (and this is more of a random thought that may just be my ignorance, being no more than a hobbyist programmer), can't an "overseer" daemon be designed to run on the same server as a web server whose job it is to monitor for changes, and, if detected, clear them with the site admin, say, either by email or IM? Granted, you'd still introduce overhead, but it would be localized to the server, could be balanced to whatever priority level doesn't adversely affect traffic performance, and would have a smaller job, since a locally run daemon would have a more limited amount of material to monitor.
Or does the dynamic nature of modern web content entirely preclude this option from being practical? (I'm genuinely asking, BTW... not trying to sound smart).
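
The "overseer" idea raised in the post above, sketched as an added example that is not part of the original post: a hash baseline of the web root, a diff against it, and an approval step standing in for the email/IM confirmation. All function names and the sample files are constructed for illustration, and the check covers only static files on disk, not content generated per request.

```python
import hashlib
import os
import tempfile


def snapshot(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, web_root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Return files added, removed or modified since the approved baseline."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


def review(baseline, current, approved):
    """Fold admin-approved changes into the baseline; return (baseline, still_flagged)."""
    changed = {p for paths in diff_snapshots(baseline, current).values() for p in paths}
    new_baseline = dict(baseline)
    for path in changed & set(approved):
        if path in current:
            new_baseline[path] = current[path]
        else:
            new_baseline.pop(path, None)
    return new_baseline, sorted(changed - set(approved))


def demo():
    """Constructed sample site: one page gets an injected iframe, one file appears."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html><body>Welcome</body></html>")
        baseline = snapshot(root)
        with open(os.path.join(root, "index.html"), "a") as fh:
            fh.write('<iframe src="http://injected.example/" width="0" height="0"></iframe>')
        with open(os.path.join(root, "new.js"), "w") as fh:
            fh.write("// file the admin did not publish")
        current = snapshot(root)
    return baseline, current
```

Changes the admin does not approve keep their old baseline entry, so they are flagged again on every later pass until someone resolves them.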


