Search the Community
Showing results for tags 'safe browsing'.
Found 3 results
Batu69 posted a topic in Security & Privacy NewsWeb giant tries to fill the protection gap created when malicious sites clean up their act just long enough to ditch the Safe Browsing warning. Google has added a new classification to its Safe Browsing initiative to better protect users from malicious websites trying to game the system. Google's Safe Browsing warns users when they are about to visit a website known to violate the web giant's policies on malware, unwanted software, phishing or social engineering. The warning appears until Google verifies that the site in question no longer poses a threat to users. But some sites are only cleaning up their act just long enough to shake the warning, and then returning to their harmful behavior. That gap in user protection led Google to create a new label to warn users of sites that engage in this pattern. "Starting today, Safe Browsing will begin to classify these types of sites as "Repeat Offenders," Google explained in a company blog post Tuesday. "Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy." Once classified as a "repeat offender," sites will not be allowed to request a review for 30 days. During that time, users will continue to see messages warning them of the risk involved in visiting the site. Article source
The world wide web used to be like the wild west (and still sort of is). Visiting the wrong site would often mean an infection with malware or other nastiness, such as getting taken by scams. While that can still happen today, web surfers are much more protected. Some security suites don't only scan for and remove viruses on your hard drive, but prevent the download entirely. Not to mention, users are often better trained to recognize a scam. Unfortunately, no web browser or security software package is infallible -- nor is any user. Thankfully, Google is working around the clock to keep the world protected. Its Safe Browsing API is available to developers, allowing software -- such as Chrome -- to warn a user before they visit a dangerous site. Today, the search giant launches the fourth version of the API. "With protocol version 4, we've optimized for this new environment with a clear focus on maximizing protection per bit, which benefits all Safe Browsing users, mobile and desktop alike. Version 4 clients can now define constraints such as geographic location, platform type, and data caps to use bandwidth and device resources as efficiently as possible. This allows us to function well within the much stricter mobile constraints without sacrificing protection", says Emily Schechter and Alex Wozniak, Safe Browsing Team. Schechter and Wozniak explain to developers, "a single device should only have a single, up-to-date instance of Safe Browsing data, so we're taking care of that for all Android developers. Please don't implement your own Version 4 client on Android: we're working on making a simple, device-local API available to prevent any resource waste on device. We’ll announce the availability of this new device-local API as soon as possible; in the meantime, there’s no need to develop a Version 4 client on your own". That Android device-level implementation is rather genius. Think about it. If every app had to individually implement this, it would not only be a waste of resources, but a risk that a lackadaisical developer could stop updating for the newer API versions. By tying into a local API, developers can prevent their apps from becoming outdated from a Safe Browsing perspective. Developers leveraging the prior version don't need to panic. Version three will continue to be supported until 2017. Google does not share a specific date, so this could possibly be pushed back even further. While Safe Browsing is undeniably beneficial, there is a downside. All of the URLs you visit are passed to Google. After all, it needs to check the address against its server-side database. This is yet another way for the search giant to suck up valuable data. With that said, the benefits -- being protected from malware and phishing scams -- arguably outweigh any conspiracy theories. Article source
Batu69 posted a topic in Security & Privacy NewsGoogle announced yesterday an addition to the company's Safe Browsing technology (Deceptive Site Ahead) that will flag sites with deceptive buttons to users of the company's Chrome web browser and in other programs that make use of Safe Browsing. Deceptive buttons, either in the form of advertisement displayed on a page or embedded directly on a page by the owner of the site, come in many forms. These buttons may display actions to download, update, install or play on a site they are displayed on, and are usually accompanied by a notification-type message that makes the action seem important. Basic examples are actions to install software to play media on a page, or download buttons that don't download the software hosted on the site but unrelated third-party offerings. Deceptive Site Ahead The new "deceptive site ahead" message appears in the Chrome web browser instead of web pages if Google considers the site to be "social engineering" due to the use of content that tries to deceive users who visit it. The message reads: A click on details displays an option to override the warning and continue to the site. Google mentions two specific scenarios in which sites may be flagged as deceptive: While some webmasters use these types of deceptive practices on purpose, others may be affected by it indirectly though advertisement displayed on their sites. Google has created a support page for webmasters that offers instructions on how to troubleshoot the issue and resolve it so that the "deceptive site ahead" warning notification is removed from the site. Webmasters whose site's were flagged for containing social engineering content may start the troubleshooting by opening the security issues report on Google Webmaster Tools. There they should find listed information such as sample urls that were flagged. The actual removal may be problematic, as webmasters need to find the source of the deceptive content and remove it. Afterwards, they need to request a review of the site which Google claims may take between two and three days to complete. Article source