Google Safe Browsing Alerts: No to Phishing, Yes to XML

Network administrators have many responsibilities.  Is the server up?  Are e-mails bouncing?  Now, in addition to these low-level issues, Google's Safe Browsing Alerts for Network Administrators allow sysadmins to get alerts for web sites in their network which may be hosting malicious content.

Google has, of course, offered malware and hacked-site warnings through its Webmaster Tools for several years now.  The Safe Browsing Alerts system casts an even wider net, and as of October 14, 2010, also sends notifications for phishing URLs.  As Google's security team explains:  "A single network or ISP can host hundreds or thousands of different websites. Although network administrators may not be responsible for running the websites themselves, they have an interest in the quality of the content being hosted on their networks."  Some users may not even be aware that their sites have been compromised, and it's in an ISP's best interest to keep its network clean.

To use the alert system, sysadmins must register an Autonomous System (AS)--a collection of connected Internet Protocol (IP) routing prefixes that presents a common, clearly defined routing policy to the Internet; for example, a single data center--and verify their ownership.  The default is e-mail notifications, but Google also offers alerts in an XML format so they can be processed by scripts or other automation.

Safe Browsing Alerts are still experimental, and one prominent complaint from would-be users is that smaller ISPs may not own an AS which they can register.  For now, those sysadmins will need to work with their upstream providers, but it's a safe bet that Google will expand and improve their service if enough sites make use of it.

Hat tip: threatpost

Be sure to read the next Security article: How Digg's API Exposed 159 Fake Accounts Digg Claims Were Internal Tests