Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I empathise with the viewpoint, but I don't think you're thinking like a hacker about this.

If safe browsing only blocked the subdomain when you have a certain threshold of "safe" subdomains, then attackers would just have a sufficient number of "safe" subdomains.

Also how do you set the threshold? It's dependent on the market that the subdomain hosting provider targets, it's dependent on how good their moderation is, it's dependent on how quickly they get indexed, all sorts.

Any solution needs to work for the case of malicious users, and needs to work at a scale of billions of pages, i.e. you can't use any human review or non-machine-identifiable information.



> If safe browsing only blocked the subdomain when you have a certain threshold of "safe" subdomains, then attackers would just have a sufficient number of "safe" subdomains.

If a website has a.example.com, b.example.com, foo.example.com, baz.example.com and they serve malware on baz, Iā€™m saying put that subdomain on the bad list. If they serve malware from many subdomains, block the whole domain.

The issue is that Google blocked a whole domain for just one bad subdomain. That seems too strict, and is very sad for all of the users of that domain.


So to distribute malware, I can buy a domain, set up a thousand subdomains, but only put malware on one of them. Then when that gets found I can move the malware to another, and so on, always being able to trivially work around blocking?

At least when done at the domain level there's a cost involved for getting a new domain, which disincentivises the creation of many malware hosting domains.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: