Comment #6 on issue 20306 by [email protected]: SafeBrowsing flags sites that only include images (even 404s)
http://code.google.com/p/chromium/issues/detail?id=20306

The blacklist is at different levels of granularity. We do have the capability to blacklist a single file on a host, e.g. one image on an image site. We also have the capability to list an entire host; this usually happens when we find a significant number of the pages on the site to be compromised (often a rampant SQL injection attack, or a compromised web server, e.g. someone modifying the Apache configuration). So, yes, there is a possibility of false negatives, but I think you are overstating the likelihood.

If someone includes an image from a site where the entire site is listed (e.g. a.com is a forum, b.com is a site where the majority of pages are bad so we list all of b.com, and a user includes an image from b.com on a.com), then from our perspective b.com is so compromised we don't want to trust any of the resources on there.

You make the assumption that we can't block a major free image host. While it is correct that we would likely not want to block the entire thing, we can block individual files on the host.

"Why don't you at least just block the specific image from loading" -- in general, it's a much harder problem than this. Abstracted one level, what we see is the following. There is a page, and that page includes something bad. We know our list doesn't have 100% coverage, and we know that the page has some vulnerability that lets bad things be included. (That vulnerability could be by design, e.g. allowing users to post images, or it could be something like SQL injection, etc.; from the browser perspective we have no idea.) So, we could not load the known bad thing, but we would not want to tell the user "hey, it's safe to go here cause we blocked the bad stuff" -- we know we don't have 100% coverage, we know that there is a vulnerability on the page and that that vulnerability has been exploited, so instead we tell the user "you should not go here."

We actually see a lot of cases where there's a webpage that gets hacked, and scripts and iframes are added to multiple different hosts, some of which are on the list and some are not. So, we wouldn't want to just say "Well, we blocked the ones we know about, you're safe now." It's really not an easy problem :(
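
A simplified model of the policy described in the comment above, as an added example (not Chromium or Safe Browsing code): entries list either a whole host or a single file, and a page gets a full warning as soon as anything it includes is listed. The entry format, the hostnames, the subdomain rule and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed list entries (assumed format): "host/" lists an entire host,
# "host/path" lists one file on a host that is otherwise not listed.
LISTED = {
    "b.example/",                    # whole host: most of its pages are bad
    "images.example/u/123/bad.png",  # one file on a large image host
}

def list_match(url, listed=LISTED):
    """Return the list entry that covers url, or None.

    The lookup uses only the URL, so the HTTP status of the resource
    (200 or 404) plays no part in the result.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    # Assumption: a whole-host entry also covers subdomains, so try every
    # host suffix that still has at least two labels.
    labels = host.split(".")
    for i in range(len(labels) - 1):
        entry = ".".join(labels[i:]) + "/"
        if entry in listed:
            return entry
    exact = host + path
    return exact if exact in listed else None

def page_verdict(page_url, subresource_urls, listed=LISTED):
    """Decide for the whole page, not per resource.

    A listed include shows the page lets bad content in, and the list does
    not have 100% coverage, so the verdict is "warn" for the page rather
    than silently dropping the known-bad resource.
    """
    hits = {}
    for url in [page_url, *subresource_urls]:
        entry = list_match(url, listed)
        if entry is not None:
            hits[url] = entry
    return ("warn" if hits else "allow"), hits
```
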
