Google Safe Browsing (High Level) - Speaker Deck

Tweet

Tweet

Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

• What is SafeBrowsing? • How we (Firefox) use SafeBrowsing • How you can use SafeBrowsing

Slide 3

Slide 3 text

What is Safe Browsing? safebrowsing.google.com

Slide 4

Slide 4 text

It’s a free service operated by Google • It hosts lists of urls • malware • other unwanted software • phishing / social engineering • It’s used by Android, Gmail, Ads, Search, Chrome, Firefox, Safari, Opera

Slide 5

Slide 5 text

visiting malware url in Firefox

Slide 6

Slide 6 text

visiting unwanted software url in Firefox

Slide 7

Slide 7 text

visiting phishing url in Firefox

Slide 8

Slide 8 text

How are urls added to the lists?

Slide 9

Slide 9 text

phishing url

Slide 10

Slide 10 text

submit to Safe Browsing https://safebrowsing.google.com/safebrowsing/ report_badware/?hl=en

Slide 11

Slide 11 text

submit from Firefox Help → Report Deceptive Site

Slide 12

Slide 12 text

submit from Firefox

Slide 13

Slide 13 text

How many sites are in the lists?

Slide 14

Slide 14 text

https://transparencyreport.google.com/safe-browsing/overview

Slide 15

Slide 15 text

https://transparencyreport.google.com/safe-browsing/overview

Slide 16

Slide 16 text

https://transparencyreport.google.com/safe-browsing/overview

Slide 17

Slide 17 text

https://transparencyreport.google.com/safe-browsing/overview

Slide 18

Slide 18 text

How often do people encounter these sites?

Slide 19

Slide 19 text

https://transparencyreport.google.com/safe-browsing/overview

Slide 20

Slide 20 text

How does use Safe Browsing?

Slide 21

Slide 21 text

https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-ﬁrefox/

Slide 22

Slide 22 text

Firefox extension 2005

Slide 23

Slide 23 text

added to Firefox 2006

Slide 24

Slide 24 text

Checking “live” adds too much latency to page loads • Firefox gets new bad urls from Google every 30m • Before displaying a page to a user, check local db

Slide 25

Slide 25 text

The whole list is too big to download • each URL is canonicalized • then hashed • only the ﬁrst 32 bits are kept

Slide 26

Slide 26 text

False positives • Many urls could have the same 32-bit hash preﬁx • Get all the full hashes with the 32-bit preﬁx from the server • If page doesn’t match a full hash, it’s not on the list

Slide 27

Slide 27 text

Download protection • Download the ﬁle • Check the main url, referrer and redirect chain against local blocklist; block if match • (Windows) if signed, check signature against allow-list of good publishers • If ﬁle is not binary, allow • If binary, send metadata to application reputation server

Slide 28

Slide 28 text

What metadata? • ﬁlename • ﬁlesize • sha256 hash • locale

Slide 29

Slide 29 text

Privacy • Browsers don't send all visited urls to Google • Safe Browsing data is never used anywhere else at Google • Firefox removes query string params from download check • Firefox stores Safe Browsing cookies in separate storage • Firefox adds a number of extra “noise” 32-bit hashes when requesting complete hashes

Slide 30

Slide 30 text

How can you use it?

Slide 31

Slide 31 text

developers.google.com/safe-browsing

Slide 32

Slide 32 text

Need to get your site off the list? https://support.google.com/webmasters/answer/3258249?hl=en&ref_topic=4596795

Slide 33

Slide 33 text

https://developers.google.com/safe-browsing/v4/lookup-api

Slide 34

Slide 34 text

https://developers.google.com/safe-browsing/v4/update-api