The first is vaguely accurate, the latter is 100% accurate and no one is going to argue if the warning is needed.

The message shown in the browser for a phishing warning is the same as when a website has an invalid SSL certificate. My point is that if you are going to design a system to identify bad websites it better be fail safe otherwise it is going to cause a lot of hurt. With great power comes great responsibility. My point is that with a browser (similar to an OS), they cannot take things lightly and flag things left and right based on "heuristics".

None of these are ANY indication of phishing behavior and if this set of quackery based logic is what we see from Google Chrome, where else can we go to really feel safe and protected?

* Whether page has links/images to other domains
* Whether the page text contains some terms (in this case 'connexion')
* Whether the page contains checkboxes/radio boxes
* Whether the page contains password input box
* The type of URL (IP vs domain name, number of subdomains, size of the subdomain names, the strings in the Path URL)

The way the plugin appears to work is to look at various things

The way Chrome's anti-phishing works is to use several foolish measures that mean nothing in the real world and then 'punish' and push websites into oblivion when someone crosses these arbitrary sets of rules. The world wide web is not a kiddie playground especially for a browser, and especially for a plugin whose job is to detect phishing. Second, this code and the logic it employs is really bull.

Thanks for the really useful tip to look into Chrome's debug log.

First of all we see that this so called phishing detection filter's code is found at

```
Sending phishing model to RenderProcessHost
Toplevel URL is unchanged, not starting classification.
Received server phishing verdict for URL: is_phishing:1
Feature extraction done (success:1) for URL.
Not starting classification, last url from browser is, last finished load is chrome-extension://jpjpnpmbddbjkfaccnmhnkdgjideieim/background.html
Sending phishing model to RenderProcessHost
Sending phishing model to RenderProcessHost
Starting classification for
Not starting classification, no Scorer created.
Instruct renderer to start phishing detection for URL:
```

Must be nice to dream up some "algorithm" and push it out. No clue as to what caused it (We know that it can be triggered by simply changing the name of the "Login" button to "Connexion"!!)

Basically some "algorithm" thinks it has found phishiness with some score above 0.5 and flags it.

P.S: It is happening to our software today.

How to get in touch with Chrome team and solve the issue?

2. Are there any legal avenues or precedence to force Google to take action and claim compensation for lost business?

Since our UI code (developed in GWT) is common between our Enterprise and Consumer product (Tonido), if this error starts appearing in our consumer version (half a million users) it is an EXISTENTIAL RISK to our company that we have built over 5 years.

1. Now all our support team is pretty much focused on this issue and fielding queries from our customers. There is no way to contact Google Chrome team to resolve this issue. We have spent countless hours in our resources to see what is going on and all things point to heuristic decision making by Chrome browser. We are trying to find if there are any published "guidelines" as to what legitimate web pages should NOT be doing to trigger these? Either there should be clear methods to resolve these warnings or Chrome should avoid doing this blanket-so-called-protection racket.

Because of Google’s missteps, our reputation as well as customer reputation got a hit. The Chrome browser heuristically decides our login page as a phishing page and gives the wrong warning. It has to be heuristic based because it generates a warning even on a debug/local webpage.

The warning is not based on the domain and it appears in our different customer installations. With the latest Chrome update, the browser is showing a phishing warning () with our installations. Think of it as a self-hosted alternative to Dropbox. Many businesses use our Enterprise File Sharing Product called FileCloud ().