Henrik Nordstrom wrote:
sön 2007-06-24 klockan 14:52 +0200 skrev Andreas Pettersson
I was actually having a thought about that.. Is a url hash the only way
to go?
It is easy for a phisher to wildcard a whole subdirectory or even a
subdomain and make hashing of individual urls nearly useless.
Perhaps there should be an optional list of domains or dst adresses for
blocking the hosts obviously used only for phishing.
The Google lookup algorithm deals with that pretty efficiently, using
MD5 hashes which makes it very easy to scale in number of entries.
I'm not sure I follow you here..
If phisher has control of evil.com he could send out send out unique
urls in each and every spam, all pointing to the same physical host.
Sure, MD5 hashes is efficient, but the number of possible urls is nearly
unlimited. It would be much easier to list the host instead.
--
Andreas
