Re: Google checking my system?
KS wrote: > Mumia W.. wrote: >> On 08/20/2007 10:18 AM, KS wrote: >>> Mumia W.. wrote: This feature is called "safebrowsing," and turning it off is as easy as changing this option: Edit-> Preferences-> Security-> Tell me if the site I'm visiting is a suspected forgery. >>> But there are two choices there. The first one checks for phishing from >>> a downloaded list of websites, while the second one asks Google for each >>> site one visits. For me the first choice is enabled by default and the >>> second choice does give a warning dialog before accepting the TOS. >>> >>> I would assume that Iceweasel does not check with google for phishing >>> with the first choice. >> Why would you assume that? >> > > The difference between the two choices indicates that the second one > checks for phishing for all sites the user visits (i.e. real time) > whereas first one works with an already present list of websites > (probably packaged with iceweasel?). > On further investigation: the anti-phishing page on mozilla.com does say that the second choice (Google) does real-time checking whereas the first choice checks from a local file which is updated periodically. http://www.mozilla.com/en-US/firefox/phishing-protection/ And going into about:config there was a preference browser.safebrowsing.provider.0.updateURL which has a google uri as its value http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&; So effectively it seems both the checks happen against same provider's db where the real-time check would be more fresh if it changes fast. Another difference which might be of more importance is that with real-time checking the browser sends more information about the user's browsing habits than with the download option. /KS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
Mumia W.. wrote: > On 08/20/2007 10:18 AM, KS wrote: >> Mumia W.. wrote: >>> This feature is called "safebrowsing," and turning it off is as easy as >>> changing this option: >>> >>> Edit-> Preferences-> Security-> Tell me if the site I'm visiting is a >>> suspected forgery. >>> >> >> But there are two choices there. The first one checks for phishing from >> a downloaded list of websites, while the second one asks Google for each >> site one visits. For me the first choice is enabled by default and the >> second choice does give a warning dialog before accepting the TOS. >> >> I would assume that Iceweasel does not check with google for phishing >> with the first choice. > > Why would you assume that? > The difference between the two choices indicates that the second one checks for phishing for all sites the user visits (i.e. real time) whereas first one works with an already present list of websites (probably packaged with iceweasel?). >> Is that correct? Where does the downloaded list >> of websites come from and how often is it updated? >> > > I don't use Iceweasel often, but I do remember it downloading from Google. > Did it give you a dialog box or warning about downloading a file from Google (with the first choice selected for phishing)? /KS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On 08/20/2007 10:18 AM, KS wrote: Mumia W.. wrote: This feature is called "safebrowsing," and turning it off is as easy as changing this option: Edit-> Preferences-> Security-> Tell me if the site I'm visiting is a suspected forgery. But there are two choices there. The first one checks for phishing from a downloaded list of websites, while the second one asks Google for each site one visits. For me the first choice is enabled by default and the second choice does give a warning dialog before accepting the TOS. I would assume that Iceweasel does not check with google for phishing with the first choice. Why would you assume that? Is that correct? Where does the downloaded list of websites come from and how often is it updated? /KS I don't use Iceweasel often, but I do remember it downloading from Google. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
Mumia W.. wrote: > > This feature is called "safebrowsing," and turning it off is as easy as > changing this option: > > Edit-> Preferences-> Security-> Tell me if the site I'm visiting is a > suspected forgery. > But there are two choices there. The first one checks for phishing from a downloaded list of websites, while the second one asks Google for each site one visits. For me the first choice is enabled by default and the second choice does give a warning dialog before accepting the TOS. I would assume that Iceweasel does not check with google for phishing with the first choice. Is that correct? Where does the downloaded list of websites come from and how often is it updated? /KS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google's search term completion [WAS] Re: Google checking my system?
On Fri, 17 Aug 2007 18:51:43 +0300 Atis <[EMAIL PROTECTED]> wrote: > > On 17/08/07, Celejar <[EMAIL PROTECTED]> wrote: > > I have noticed for a while that as I type into the IW / FF Google > > search box, a drop down list of suggestions (separate from a list of my > > previous searches) appears. I don't get the impression that the > > browser is downloading it on the fly, so when is that being pulled in? > > Is that included in the application installation, or is it also > > something the browser is doing on its own? > > This is very cool thing, they are downloaded real-time. It also > includes cool google's calculator, that knows a bunch of units, etc.. > Some examples - try typing them in search bar. > > 2+2 > 15inch in cm > sqrt(13)+cos(pi) Thanks! > Regards, > Atis Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google's search term completion [WAS] Re: Google checking my system?
> On 17/08/07, Celejar <[EMAIL PROTECTED]> wrote: > I have noticed for a while that as I type into the IW / FF Google > search box, a drop down list of suggestions (separate from a list of my > previous searches) appears. I don't get the impression that the > browser is downloading it on the fly, so when is that being pulled in? > Is that included in the application installation, or is it also > something the browser is doing on its own? This is very cool thing, they are downloaded real-time. It also includes cool google's calculator, that knows a bunch of units, etc.. Some examples - try typing them in search bar. 2+2 15inch in cm sqrt(13)+cos(pi) Regards, Atis -- Atis Lezdins, IT Responsible of BEST Riga, [EMAIL PROTECTED] ICQ: 142239285 Skype: atis.lezdins Cell Phone: +371 28806004 [Tele2, Latvia] Work phone: +1 800 7502835 [Toll free, USA] ?BEST? -> www.BEST.eu.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Google's search term completion [WAS] Re: Google checking my system?
On Fri, 17 Aug 2007 18:11:08 +0300 "Dotan Cohen" <[EMAIL PROTECTED]> wrote: > On 17/08/07, Celejar <[EMAIL PROTECTED]> wrote: > > I have noticed for a while that as I type into the IW / FF Google > > search box, a drop down list of suggestions (separate from a list of my > > previous searches) appears. I don't get the impression that the > > browser is downloading it on the fly, so when is that being pulled in? > > Is that included in the application installation, or is it also > > something the browser is doing on its own? > > > > > Krzysztof Lubanski > > > > It's AJAX, it's done in real time as you type. > > AJAX is also used in Gmail, and Gmail will periodically check for new > mail without refreshing the page. That's another potential source of > the connections. > > For more on AJAX: > http://what-is-what.com/what_is/ajax.html > > For more on Gmail: > http://what-is-what.com/what_is/gmail.html Thanks. I see that when the network is down, I don't get suggestions, so you're apparently correct, but the results are apparently cached, since any list that comes up while the network is up also comes up after I take it down. > Dotan Cohen Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On 17/08/07, Celejar <[EMAIL PROTECTED]> wrote: > I have noticed for a while that as I type into the IW / FF Google > search box, a drop down list of suggestions (separate from a list of my > previous searches) appears. I don't get the impression that the > browser is downloading it on the fly, so when is that being pulled in? > Is that included in the application installation, or is it also > something the browser is doing on its own? > > > Krzysztof Lubanski > It's AJAX, it's done in real time as you type. AJAX is also used in Gmail, and Gmail will periodically check for new mail without refreshing the page. That's another potential source of the connections. For more on AJAX: http://what-is-what.com/what_is/ajax.html For more on Gmail: http://what-is-what.com/what_is/gmail.html Dotan Cohen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On Thu, 16 Aug 2007 02:08:13 +0200 Krzysztof Lubański <[EMAIL PROTECTED]> wrote: > On Wed, 2007-08-15 at 14:39 -0400, Wayne Topa wrote: > > I have noticed recently, while watching iptraf, that I am getting > > connections from various google addresses. [...] > > > > This happen on 4 different network boxen, while they have > > iceweasel running, and sitting on our networks local homepage. > > It may have something to do with Firefox's new anti-phishing > functionality which fetches lists of phishing sites from Google: > > http://www.mozilla.com/en-US/firefox/phishing-protection/ > > One guy actually gets pissed about it here: > > http://discuss.extremetech.com/forums/1004384653/ShowThread.aspx > > He says the connections are still being made even after disabling the > forgery protection. Nasty if it's true. I have noticed for a while that as I type into the IW / FF Google search box, a drop down list of suggestions (separate from a list of my previous searches) appears. I don't get the impression that the browser is downloading it on the fly, so when is that being pulled in? Is that included in the application installation, or is it also something the browser is doing on its own? > Krzysztof Lubanski Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
Mumia W.. <[EMAIL PROTECTED]> wrote: > On 08/15/2007 06:39 PM, Steven wrote: >> On Wed, 15 Aug 2007 15:56:16 -0400, Wayne Topa wrote: >>> thought it was odd that google, or iceweasel, needed to know anything. >>> Of course the entry was dropped when I terminated iceweasel. >> I've noticed similar behavior for a few years. While I've never really >> been pleased with it there isn't much choice unless you feel like >> devoting a good chuck of your time to searching and patching the source. > This feature is called "safebrowsing," and turning it off is as easy as > changing this option: Wasn't there also an option in FF config for prefetching the first result from google? ISTR that it could only be disabled in about:config ... erm .. "network.prefetch-next". I use Konq, but at some point I installed Stumble plugin (?) -- there are additional prefetching options for that too. If it's default I'd certainly turn it off in a corporate environment JIC my browser tried to fetch a result I didn't ask for. In the OPs case it's probably just anti-phishing like you say. -- Jamin @ Home: Chester UK -<[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
It's featureware which opens just as many new MiM considerations as it solves phishing considerations. Pick your poison, I guess. There's still no real excuse for unrequested network connections during an idle session if its only purpose is to verify site identity during active use. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On 08/15/2007 06:39 PM, Steven wrote: On Wed, 15 Aug 2007 15:56:16 -0400, Wayne Topa wrote: thought it was odd that google, or iceweasel, needed to know anything. Of course the entry was dropped when I terminated iceweasel. I've noticed similar behavior for a few years. While I've never really been pleased with it there isn't much choice unless you feel like devoting a good chuck of your time to searching and patching the source. [...] Huh? This feature is called "safebrowsing," and turning it off is as easy as changing this option: Edit-> Preferences-> Security-> Tell me if the site I'm visiting is a suspected forgery. What concerns me most is that it's never publicized (either to the user specifically or in common PR discussions about the internet) about which unrequested/automatic connections are being made. These discussions take place here: http://forums.mozillazine.org/ and here: http://lists.mozilla.org/ and here: alt.fan.mozilla and here: irc.mozilla.org and here (in your browser): Help Contents-> Preferences-> Security If there's any sort of data being exchanged then who writes the protocol for the data exchange? Most likely it is Google. I think I remember someone mentioning Opera using the safebrowsing information, so I don't think that Mozilla invented it. Search here: http://www.google.com/search?q=safebrowsing Who ensures that the protocol is secure? In all reality it's probably exchanging a completely innocuous bit of data but who ensures that data is exchanged in a fashion which isn't as wide open as the recent discussions involving URI functionality exploits. ( http:// security.itworld.com/5043/070815URIbrowserflaw/page_1.html ) Like I said, you can disable it if you don't want it. If you do so, make sure the people using that profile know how to discern between the real Paypal web site and a fake one. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On Wed, 2007-08-15 at 14:39 -0400, Wayne Topa wrote: > I have noticed recently, while watching iptraf, that I am getting > connections from various google addresses. [...] > > This happen on 4 different network boxen, while they have > iceweasel running, and sitting on our networks local homepage. It may have something to do with Firefox's new anti-phishing functionality which fetches lists of phishing sites from Google: http://www.mozilla.com/en-US/firefox/phishing-protection/ One guy actually gets pissed about it here: http://discuss.extremetech.com/forums/1004384653/ShowThread.aspx He says the connections are still being made even after disabling the forgery protection. Nasty if it's true. -- Krzysztof Lubanski -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On Wed, 15 Aug 2007 15:56:16 -0400, Wayne Topa wrote: > thought it was odd that google, or iceweasel, needed to know anything. > Of course the entry was dropped when I terminated iceweasel. I've noticed similar behavior for a few years. While I've never really been pleased with it there isn't much choice unless you feel like devoting a good chuck of your time to searching and patching the source. What concerns me most is that it's never publicized (either to the user specifically or in common PR discussions about the internet) about which unrequested/automatic connections are being made. If there's any sort of data being exchanged then who writes the protocol for the data exchange? Who ensures that the protocol is secure? In all reality it's probably exchanging a completely innocuous bit of data but who ensures that data is exchanged in a fashion which isn't as wide open as the recent discussions involving URI functionality exploits. ( http:// security.itworld.com/5043/070815URIbrowserflaw/page_1.html ) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
Michael Shuler([EMAIL PROTECTED]) is reported to have said: > On 08/15/2007 01:39 PM, Wayne Topa wrote: > > I have noticed recently, while watching iptraf, that I am getting > > connections from various google addresses. ie bu-in-f93.google.com > > currently. > > This would be your browser checking in with google. If you have a > browser open, it will connect for updated information periodically. > ie., netstat shows these connections on my system: Well it has a long memory then. This box was shut down last night for some maintenance. I fired it up this morning but didn't connect to the net, just our local server homepage. The box was running ktorrent to seed some files all morning though. > > tcp 0 0 10.6.104.165:34120 kc-in-f104.google.c:www ESTABLISHED > tcp 0 0 10.6.104.165:34121 kc-in-f104.google.c:www ESTABLISHED > > The above is from me -> google on port 80 when sitting on my igoogle page. Dumb me forgot to run netstat when I saw the slowdown. :-( > > This happen on 4 different network boxen, while they have > > iceweasel running, and sitting on our networks local homepage. > > > > As the connections were not initiated by any of the boxen, iptables > > _should_ be blocking them, so I am wondering if Google has, somehow, > > got around the firewall (firehol) rules. > > I pointed by browser away from google.com to some other site, and the > connections persisted as ESTABLISHED for a short time, then dropped. > After a little time, another connection fired up, same as above, so this > appears to be cookie-based(?). Interesting.. > > Your firewall probably has an > > iptables -A INPUT -m state --state "ESTABLISHED,RELATED" -j ACCEPT > > rule, meaning accept anything coming in if it is initiated from the inside. Yes, it does, but having not used iceweasel for anything today, I thought it was odd that google, or iceweasel, needed to know anything. Of course the entry was dropped when I terminated iceweasel. Thanks Michael. I'm sure you are correct. I'll check more if/when it happens again, and I'm sure it will. Best Regards Wayne -- Every bug you find is the last one. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Google checking my system?
On 08/15/2007 01:39 PM, Wayne Topa wrote: > I have noticed recently, while watching iptraf, that I am getting > connections from various google addresses. ie bu-in-f93.google.com > currently. This would be your browser checking in with google. If you have a browser open, it will connect for updated information periodically. ie., netstat shows these connections on my system: tcp 0 0 10.6.104.165:34120 kc-in-f104.google.c:www ESTABLISHED tcp 0 0 10.6.104.165:34121 kc-in-f104.google.c:www ESTABLISHED The above is from me -> google on port 80 when sitting on my igoogle page. > This happen on 4 different network boxen, while they have > iceweasel running, and sitting on our networks local homepage. > > As the connections were not initiated by any of the boxen, iptables > _should_ be blocking them, so I am wondering if Google has, somehow, > got around the firewall (firehol) rules. I pointed by browser away from google.com to some other site, and the connections persisted as ESTABLISHED for a short time, then dropped. After a little time, another connection fired up, same as above, so this appears to be cookie-based(?). Interesting.. Your firewall probably has an iptables -A INPUT -m state --state "ESTABLISHED,RELATED" -j ACCEPT rule, meaning accept anything coming in if it is initiated from the inside. Kind Regards, Michael Shuler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Google checking my system?
I have noticed recently, while watching iptraf, that I am getting connections from various google addresses. ie bu-in-f93.google.com currently. Tha amount of traffic varies but sometimes really slows down any Debian upgrades that are running on other boxes. If I was on broadband I wouldn't have noticed these connections. This happen on 4 different network boxen, while they have iceweasel running, and sitting on our networks local homepage. As the connections were not initiated by any of the boxen, iptables _should_ be blocking them, so I am wondering if Google has, somehow, got around the firewall (firehol) rules. Has anyone else (broadband/dialup) noticed any connection from addresses like the above? Wayne -- Computers make very fast, very accurate mistakes. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]