Tuesday, November 25, 2008

Inside Safari 3.2’s Anti-phishing Features
The Apple Customer Privacy Policy says nothing about Safari sending any information to places other than the Web sites you’re visiting—but as of Safari 3.2, it does exactly that…If the URL of a page you want to visit matches the hash prefix of a known malicious page, Safari 3.2 appears to send that prefix to Google and ask for the entire 256-byte hash to make sure that this really is a malicious page (and also to verify that the page hasn’t been removed from Google’s lists since Safari’s last list update). Millions and millions of URLs could produce hashes that start with the same 32 bits, but if Google gets several requests for the same value, the company could reasonably infer that people were visiting the malicious page it had tracked—and since the request from Safari to Google comes from your IP address, Google might infer data from that as well.
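To make the lookup flow concrete, here is a small simulation of the hash-prefix check the post describes; it is an added illustration, not code from the original post or from Safari or Google. The URL canonicalization real clients perform is omitted, the "bad" and "cleaned" URLs and the client IPs are constructed sample values, and the server is a stand-in that records only what the post says it can learn: the 32-bit prefix and the requester's IP address.

```python
import hashlib

PREFIX_LEN = 4  # 32-bit prefix of a SHA-256 digest, as described in the post

def url_hash(url: str) -> bytes:
    """Full SHA-256 digest (32 bytes). Real Safe Browsing clients canonicalize
    the URL and hash several host/path variants first; skipped here."""
    return hashlib.sha256(url.encode()).digest()

# Constructed sample data. The browser's local list holds only prefixes, so a
# prefix is all it can match on; every one of the ~2^224 digests that share
# those 4 bytes looks identical to it.
KNOWN_BAD_URL = "http://bad.example/login"
CLEANED_URL = "http://cleaned.example/"      # was listed, since removed upstream
LOCAL_PREFIX_LIST = {url_hash(KNOWN_BAD_URL)[:PREFIX_LEN],
                     url_hash(CLEANED_URL)[:PREFIX_LEN]}

# Constructed server table: prefix -> full hashes it still considers malicious.
# The cleaned URL's prefix is deliberately absent (stale local list).
SERVER_FULL_HASHES = {url_hash(KNOWN_BAD_URL)[:PREFIX_LEN]: {url_hash(KNOWN_BAD_URL)}}

def server_lookup(prefix: bytes, client_ip: str, log: list) -> set:
    """Stand-in for the remote endpoint. It never sees the URL, but it does see
    the prefix and the source address, which is the privacy point of the post."""
    log.append((client_ip, prefix.hex()))
    return SERVER_FULL_HASHES.get(prefix, set())

def check_url(url: str, client_ip: str, log: list) -> dict:
    """Client side: match the prefix locally; only on a hit go to the network
    and compare the full 256-bit hash against what the server returns."""
    full = url_hash(url)
    prefix = full[:PREFIX_LEN]
    if prefix not in LOCAL_PREFIX_LIST:
        return {"malicious": False, "sent_to_server": False}
    candidates = server_lookup(prefix, client_ip, log)
    return {"malicious": full in candidates, "sent_to_server": True}
```

A benign URL that happened to share a listed prefix would produce exactly the same request as the malicious one, so the server learns a prefix plus an IP, not a confirmed visit.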
