Google offers security blacklists to all
API, already used by Firefox, lets developers warn of phishing, malicious URLs
Computerworld - Google Inc. yesterday released to outside developers the same security API currently used by its own Google Desktop and Mozilla Corp.'s Firefox for warding off phishing and malware-dropping Web sites.
Dubbed the Safe Browsing API, the application programming interface gives third-party developers a way to integrate the ability to check for malicious sites into their own applications, said a pair of Google developers in an entry on the company's security blog. "It provides a simple mechanism for downloading Google's lists of suspected phishing and malware URLs, so now any developer can access the blacklists," wrote Brian Rakowski and Garrett Casto.
Google maintains a pair of blacklists that any client application using the API can now access to warn users of potentially dangerous sites. Developers could use the API, suggested Google, to prevent users from posting phishing links on a blog or to alert users that a link from a software download site is a known malware distributor.
"The API is still experimental, but we hope it will be useful to ISPs, Web hosting companies and anyone building a site or an application that publishes or transmits user-generated links," Rakowski and Casto wrote in their blog posting.
According to the limited documentation Google made available, developers who choose to use the API have to comply with several guidelines and a live with a few limitations. Presumably for liability reasons, Google requires that developers qualify any warning. "You may not lead users to believe that the page in question is, without a doubt, a phishing page or a page that distributes malware," Google said. "You must qualify the warning using terms such as: suspected, potentially, possible, likely, may be."
Developers' client applications are also limited to 10,000 users sending regular requests to the API for the blacklists, Google noted, although it provided an e-mail address for requests to expand an application's user base.
Interested developers can request an API key at Google's site.
Safe Browsing's blacklists -- and the API that updates locally-stored lists on users' PCs -- is the basis of Firefox 2.0's current anti-phishing feature, and it may be used in Firefox 3.0, which is scheduled to ship before the end of the year, to display alerts of sites suspected of spewing malicious code.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts