Google Goofs On Firefox's Anti-Phishing List 168
Stephen writes "While phishing is a problem, giving one company the power to block any site that it wishes at the browser level never seemed like a good idea. Today Google blocked a host of legitimate web sites by listing mine.nu. mine.nu is available as a dynamic dns domain and anybody can claim a sub domain. All sub-domains are blocked regardless of whether phishing actually occurs on the sub-domain or not. Several Linux enthusiast sites are caught up in the net including Hostfile Ad Blocking and Berry Linux Bootable CD."
I hate that Google can do this (Score:4, Informative)
In my mind giving this power to Google is the most objectionable thing related to the company. I know somebody who has had his legitimate business ruined because Google mistakenly added his site to this list. Why? Because it was hosted on the same physical server as a truly objectionable web site.
People need to stop childishly sneering at Windows users and take their focus away from Microsoft. The terrible Goliath is clearly Google now. Even when it's not being evil it causes trouble just by being *clumsy*.
Re:Not google's fault (Score:5, Informative)
Um, no. The list is supplied by Google. When Firefox blocks a site, press the 'Why was this site blocked?' button to see Google's warning about it (http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://mine.nu/ [google.com] in this case).
Re:Misleading desciption (Score:1, Informative)
If you had different organizations, and a final list decided on majority, then it would be impossible for one single company to intentionally block anything.
Re:I'm not sure how this is a goof (Score:2, Informative)
Some years back "general network administration" made it impossible for me to see mail that came from Asia. That caused huge problems for me. The fuckwit that did this made the same argument you just did. If you are going to accept that sort of power you should learn the maxim "first, do no harm."
Re:I hate that Google can do this (Score:1, Informative)
I didn't say that! Why can't you understand *ANYTHING*? The site was hosted on the same *server* as a malicious site. The site had its own domain, it was just on a shared hosting machine that Google mistakenly judged to be a network of malicious sites.
Do you grasp this now?
Re:I hate that Google can do this (Score:0, Informative)
This is ridiculous. Are all furries this stupid?
Here is the process, step by step:
1) Somebody at Google decided that a site hosted on a shared server run by a very small company was bad.
2) They added this bad site's URL to the block list.
3) The PERSON (not script—you keep using the word "matched" as if you think this is a script) at Google mistakenly believed the entire server to be a bad egg. Perhaps there were other malicious sites on there and he judged them all to be bad. Here is an example of a server with many bad sites on it: http://www.websiteoutlook.com/www.a-big-huge-giant-clits-hairy-wet-cunts.com (notice how websiteoutlook is able to tell that they are on the same server. This is NOT witchery, it's an easy thing to tell). Google clearly likes to take all of the sites down in one swoop.
4) Every site on the server was blacklisted by URL, including the innocent site.
DO YOU GET IT NOW
Re:Everybody makes mistakes, false positives (Score:2, Informative)
Any maintained blacklist of any reasonable size is going to end up with false positives. It's one of those things you just have to accept. People notice and report it, the entry gets removed, and we move on.
*If* the entry gets removed.
Comment removed (Score:3, Informative)
Re:Get a real domain then. (Score:5, Informative)
I don't get why you are getting annoyed that I (and probably many others) do things like this?
Why was this blocked? (Score:4, Informative)
Safe Browsing
Diagnostic page for mine.nu/
What is the current listing status for mine.nu/?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 4329 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/21/2008, and suspicious content was never found on this site within the past 90 days.
Malicious software includes 7523 scripting exploit(s), 2911 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, mine.nu/ appeared to function as an intermediary for the infection of 183 site(s) including culportal.info, mipt.ru, baikal-discovery.ru.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 932 domain(s), including bernard-becker.com, mipt.ru, dhammasara.com.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Re:Get a real domain then. (Score:3, Informative)
Sorry dude. I block whole netblocks that I/we don't have any business with, and that fill up my logs with annoying connection attempts, and portscans, etc. I'll show you my method for blocking about 80% of probes, scans, password guessing bots, etc:
I don't get why you are getting annoyed that I (and probably many others) do things like this?
Your rule blocks most Australian IP addresses, for starters.
Re:Get a real domain then. (Score:3, Informative)
Well...
wget -o /dev/null -O - http://www.iana.org/assignments/ipv4-address-space/ [iana.org]
He's asking IANA for the netblocks... (click the link to see what does get returned)
grep whois.apnic.net
administerd by APNIC (Asia-Pacific)
grep ALLOCATED
currently in use (not legacy ones)
cut -d " " -f 1
culling everything from each line except the IP/mask (the first item)
xargs
and strips the carriage returns to generate a list of IP blocks in the AP region.
# need to add in .0.0.0 though
Of course he has to manually add in the .0.0.0 for each block for the next to work
for asia in 58.0.0.0/8 59.0.0.0/8
do
$fw -A INPUT -s $asia -j DROP
done
He then sets up his firewall to instantly drop any packets coming from any of those IP blocks so he can't hear them.
It's a bit sledgehammer/nut IMO.