Google Chrome safe browsing API a tad suspicious
By George V. Hulme, CSO | Feb 13, 2012
Google strongly denies it's holding back anything from the API. In his blog, New SafeBrowsing Backend, Mozilla and Mobile Firefox developer Gian-Carlo Pascutto at first wrote that Firefox does not have permission to use the download protection list in the Safe Browsing API.
That statement has since been redacted following a response from Google, a response that highlights perhaps a deeper concern: privacy.
"We have offered the new Safe Browsing features to Mozilla in the past, so to say that we are holding back this functionality is inaccurate. From our conversations, our understanding is that Mozilla is still waiting for more data from Google about the effectiveness of our new technology, and is also considering the limited circumstances in which their users may send URLs to Google for scanning (this only happens if a page looks sufficiently suspicious). This new protection, which is designed to detect new phishing pages as well as malicious downloads, was highlighted recently on our Chromium Blog," wrote Ian Fette, senior product manager for Chrome.
"We believe this is a reasonable solution for Chrome users, and Microsoft takes a similar approach in Internet Explorer that involves sending URLs to Microsoft. The offer remains for Mozilla to have access to our new APIs for Firefox should they choose that it's in the best interests of their users," he wrote.
According to that Chromium Blog post from last week, "All About Safe Browsing" Google does not hold any personally identifiable information for more than two weeks, that the data isn't used anywhere else within Google, and that users can turn the Safe Browsing features off.
Mozilla doesn't appear to be fully swayed -- yet. "Our partnership with Google's safe browsing team is a positive one. Their team has made phishing and malware detection services available to our users and these are already implemented in Firefox. Their new services communicate more information back to Google about a user's browsing history, and we are still evaluating the merits of that approach," said Johnathan Nightingale, Mozilla's director of Firefox engineering, in a statement to CSOonline.
While Google and FireFox figure out the privacy implications, end users are left with a number of questions. The first is what level of privacy do they want to give up to improve browsing security, and secondly why -- at its best -- is Safe Browsing technology only 50 percent effective against these threats?
Accelerating the Deployment of the Evolved Cyber Range
Ixia BreakingPoint creates an Internet-scale cyber range environment from a single 7-inch-high device for arming and training cyber warriors. Learn how BreakingPoint can be used by organizations to defend national interests by assessing, educating, and certifying elite cyber warriors and equipping those forces to harden the resiliency of critical network and data center infrastructures.
A Six-Step Plan for Competitive Device Evaluations
This paper presents a six-step methodology for conducting competitive product evaluations that provide advance insight into the performance, security, and stability of devices within production network and data center environments. Following this will give insights on how to evaluate and select the network or security devices for Enterprise, Federal, and Carrier Infrastructures
A Case Study of Eurograbber: How 36 Million Euros was Stolen via Malware
This is a case study about a sophisticated, multi-dimensional and targeted attack that stole an estimated 36+ million Euros from more than 30,000 bank customers from multiple banks across Europe.
Symantec, Singapore school partner to nurture next-generation security talents
Symantec Corp. and the Singapore Management University will jointly train and equip IT security professionals with the latest knowledge and skill sets in information security.