Uploading to Google Mail ... a random obeservation

Hello,

Last week I was investigating something related to Gmail. I needed to upload a picture from a web server.

When you create an e-mail and want to include an image you click on the little icon and tell it is located on the web server.

What I noticed is that when the image is called 1.gif, Google will try every character so it tried to find 1, 1.g, 1.gi and 1.gif.

I would have expected them to wait until I stopped typing but apparently not. Yes, sometimes browsing a log is interesting.

Fun with Google Safe Browsing

You probably have encountered it, you want to go to a website and you get a red page to say that something is wrong with the site and malware has been found on it.

Google Safe Browsing is part of your standard Mozilla Firefox and Google Chrome browser. Google isn't the only one playing this game. Microsoft has its SmartScreen filter and most major AV-solutions have something similar.

This is all fun but what if you are interested as a website owner if you have been flagged? Well actually you can get this report. If you surf to http://www.google.com/safebrowsing/diagnostic?site= you get a nice overview of what was detected for that website.

An example:
http://www.google.com/safebrowsing/diagnostic?site=google.com

It tells me that for the domain google.com in the last 90 days 903341 pages got tested:

• 484 drive-by-downloads
• 252 trojans
• 103 exploits
• 46 scripting exploits

So as you see this has some value in risk management. Personally I use this technique for information gathering when doing incident handling. You can use it in a risk management to monitor your own website and those of who you do business with in a rather cheap way.

Another cool little trick is that you can get more information on an Autonomous System (AS). 

http://www.google.com/safebrowsing/diagnostic?site=AS:15169

If you are the owner of the AS, like my current employer is the owner of the Belnet AS with the number 2611, Google has a nice little tool to generate alerts for your incident handlers

http://www.google.com/safebrowsing/alerts/

Some of us don't own AS systems. Thus I want to share with you one last toy for website owners. Enter "Fetch Like Google.  "Fetch like Google" allows you to fetch up to 500 URLs a week for the sites you own and can be very handy to figure out if the Googlebot still sees your website as infected.

More info can be found at https://support.google.com/webmasters/answer/158587?hl=en.

Some people have trouble with https but I haven't had that experience personally. I found on this video on youtube which Google's answer to people having trouble. Basically it works for Google too.

Google Safebrowsing Webtest

Ever wondered how to check if a website has a record for being infected? Well Google can help you. When they scan the Internet for websites they scan also for malware. When you type in your browser:

http://google.com/safebrowsing/diagnostic?site=/

You will get a page back with how many pages where scanned and how much malware it found.

For facebook.com I got these results:

Of the 131,557 pages we have in the past 90 days on the site have been tested, have 31 page (s) without user consent malicious software downloaded and installed. The last time Google visited this site was on 08/08/2010. The last time suspicious content was found on this site was on 08/08/2010. Malicious software includes 132 scripting exploit (s), 3 trojan (s), 2 exploit (s)

It also mentions a bunch of domains like abeermahmoud.jeeran.com, albetaqa.jeeran.com, imageshack.us, rmooosh.net, textstream.co.za, freedesignlogo.com, and a bunch of URLs like facebook.com/dogswxeunck, facebook.com/pages/samra-iraq/imam-medhi-/85996831974/, and pdashmedia.com

I personally think it might be a good idea to have a look at which domains your users are going to, look it up and use this information to filter out the bad stuff.