sön 2007-06-24 klockan 23:49 +0200 skrev Andreas Pettersson: > I'm not sure I follow you here.. > If phisher has control of evil.com he could send out send out unique > urls in each and every spam, all pointing to the same physical host. > Sure, MD5 hashes is efficient, but the number of possible urls is nearly > unlimited. It would be much easier to list the host instead.
And the Google SafeBrowsing lookup algorithm allows just that.. It's not just an MD5 of the complete URL. The URL is processed in many steps of varying granularity, each producing an MD5 to look up in the blacklist. http://code.google.com/apis/safebrowsing/developers_guide.html#PerformingLookups Note: In the worst case there is 5 * 6 = 30 different lookups per URL. Normally less than 10 however. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
