sub-domains reputation

th3br41n
Posts: 1184
Joined: Sat Feb 25, 2012 1:45 am

RE: sub-domains reputation

Post by th3br41n » Sat Aug 25, 2012 6:59 pm

<quote user="notbuyingit">
[...]The best known problem with using regular expressions, of course, is that they may produce unexpected results unless they are written very carefully. [...]
[/quote]

It is a powerful tool, but even the mass rating tool can be dangerous... With great power comes great responsibility :)

However, just to give some ideas, the tool could have a simple and an advanced interface... For example, in the simplified interface, the tool should only allow the identification of variable portions of a subdomain with an asterisk ("*"), so it should permit to define a subdomain as follows:

paypal.com. *. *. *. example.com

in this case the symbol * matches only a sequence of characters that are different from the period ("."), e.g.,

paypal.com.AbCdEfG.1415gt543t9.26535.example.com matches paypal.com. *. *. *. example.com
paypal.com.AbCdEfG.141erye59.26535.234234.example.com does not match
paypal.com.AbCdEfG.1415kyu9.265kuk35.2342ku4.23423ku4.example.com does not match
paypal.com.1234.5678.abcde.example.com matches
(and so on)

In the advanced interface, it should allow to use a regular expression to define a subdomain (i.e., a full regex tool).

In both interfaces, for security reasons, the tool should not allow to define regex on second or first level domains (e.g., paypal.com. *. *. *.com should not be allowed).
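
The simplified pattern syntax proposed in the post above, as an added sketch (not part of the original thread and not WOT code). The function names are hypothetical, `*` is assumed to stand for exactly one non-empty label, and the first/second-level check simply counts the last two labels without consulting a public suffix list.

```python
import re

LABEL = r"[^.]+"  # assumption: "*" = one non-empty label containing no "."


def compile_pattern(pattern: str) -> re.Pattern:
    """Compile a simplified subdomain pattern into a regex for full-string matching.

    Raises ValueError when a wildcard appears in the first- or second-level
    domain (the last two labels), as the post requires.
    """
    # The post writes patterns with spaces after the dots; strip them.
    labels = [label.strip() for label in pattern.lower().split(".")]
    if len(labels) < 3 or any(label == "" for label in labels):
        raise ValueError("pattern needs at least three non-empty labels")
    if any("*" in label for label in labels[-2:]):
        raise ValueError("wildcard not allowed in first- or second-level domain")
    parts = []
    for label in labels:
        if label == "*":
            parts.append(LABEL)
        elif "*" in label:
            raise ValueError("'*' must replace a whole label")
        else:
            parts.append(re.escape(label))  # literal labels match literally
    return re.compile(r"\.".join(parts))


def matches(pattern: str, hostname: str) -> bool:
    """True if hostname (case-insensitive, optional trailing dot) fits pattern."""
    host = hostname.lower().rstrip(".")
    return compile_pattern(pattern).fullmatch(host) is not None


def is_allowed(pattern: str) -> bool:
    """True if the pattern passes the validation rules above."""
    try:
        compile_pattern(pattern)
        return True
    except ValueError:
        return False


# Pattern and hostnames taken from the post.
PATTERN = "paypal.com. *. *. *. example.com"
if __name__ == "__main__":
    for host in ("paypal.com.AbCdEfG.1415gt543t9.26535.example.com",
                 "paypal.com.AbCdEfG.141erye59.26535.234234.example.com",
                 "paypal.com.1234.5678.abcde.example.com"):
        print(host, matches(PATTERN, host))
    print("paypal.com. *. *. *.com allowed:", is_allowed("paypal.com. *. *. *.com"))
```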


Myxt
Posts: 4141
Joined: Sat Mar 05, 2011 6:18 am

RE: sub-domains reputation

Post by Myxt » Sun Aug 26, 2012 6:53 am

I think this is quite a bit more dangerous than the MRT.

A single asterisk represents everything from [null] to a string of random characters the size of available memory, representing a godzillion possibilities. A 14-byte string of mixed case alphas, numbers, and special keyboard characters has potentially 1.6 octillion permutations.

And we're looking at how many levels of this? Soon, someone would start a topic complaining that he started rating a "set" but had to force shutdown so he could use his machine. When we then discover 100M or so nonexistent subdomains, with names even a scammer would not use, have been rated, who gets to fix it?

Not I.

th3br41n
Posts: 1184
Joined: Sat Feb 25, 2012 1:45 am

RE: sub-domains reputation

Post by th3br41n » Sun Aug 26, 2012 2:44 pm

<quote user="myxt">
I think this is quite a bit more dangerous than the MRT.

A single asterisk represents everything from [null] to a string of random characters the size of available memory, representing a godzillion possibilities. A 14-byte string of mixed case alphas, numbers, and special keyboard characters has potentially 1.6 octillion permutations.

And we're looking at how many levels of this? Soon, someone would start a topic complaining that he started rating a "set" but had to force shutdown so he could use his machine. When we then discover 100M or so nonexistent subdomains, with names even a scammer would not use, have been rated, who gets to fix it?

Not I.
[/quote]

we are talking about a regular expression tool... not a mass rating tool...

for a good explanation of the main idea you should read this post: https://www.mywot.com/en/forum/26218-sub-domains-reputation?comment=158854#comment-158854

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: sub-domains reputation

Post by c۞g » Sun Aug 26, 2012 3:11 pm

<quote user="th3br41n">we are talking about a regular expression tool... not a mass rating tool[/quote]
Whether a separate tool or incorporated into the MRT...
What you intend on doing is creating scorecards for and rating subdomains which do not exist, this is irresponsible rating activity, not to mention that you would cause WOT to generate bogus scorecards. Being irresponsible with ratings is how Platinum users lose access to the MRT


th3br41n
Posts: 1184
Joined: Sat Feb 25, 2012 1:45 am

RE: sub-domains reputation

Post by th3br41n » Sun Aug 26, 2012 3:47 pm

<quote user="c۞g">
Whether a separate tool or incorporated into the MRT...
What you intend on doing is creating scorecards for and rating subdomains which do not exist, this is irresponsible rating activity, not to mention that you would cause WOT to generate bogus scorecards. Being irresponsible with ratings is how Platinum users lose access to the MRT
[/quote]

of course, the main target of a tool like this is to protect users...

in regards to the non-existence of a subdomain, I do not agree...
phishing makers usually use randomly generated subdomains as pointed out by NotBuyingIt in a previous post... All these sub-domains, even if randomly generated, "do exist".

As an example (from another thread) take these URLs:

posteitalia.bancoposte.it.0.tunceliemekgazetesi.com/italiane/servizi_online/app_login/login.php
posteitalia.bancoposte.it.1.tunceliemekgazetesi.com/italiane/servizi_online/app_login/login.php
posteitalia.bancoposte.it.2.tunceliemekgazetesi.com/italiane/servizi_online/app_login/login.php
(and so on)
posteitalia.bancoposte.it.*.tunceliemekgazetesi.com/italiane/servizi_online/app_login/login.php

all these URLs show a phishing webpage, hence, actually all domains posteitalia.bancoposte.it.*.tunceliemekgazetesi.com exist and are dangerous.

The tool I'm proposing requires only 1 string to be used to match subdomains, there is no need to create scorecards for each of them. "Whenever anybody accesses a subdomain that matches the expression, WOT dynamically recalculates the reputation for the subdomain to include the privileged user's ratings with an undiminished confidence level." WOT already does something like this when it shows the scorecard of a subdomain (e.g., 12345.google.it).

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: sub-domains reputation

Post by Jazspeak » Sun Aug 26, 2012 5:06 pm

<quote user="c۞g">
"What you intend on doing is creating scorecards for and rating subdomains which do not exist, this is irresponsible rating activity..."
[/quote]

Echo that.

th3br41n
Posts: 1184
Joined: Sat Feb 25, 2012 1:45 am

RE: sub-domains reputation

Post by th3br41n » Sun Aug 26, 2012 5:10 pm

<quote user="jazspeak">
Echo that.
[/quote]

So, this scorecard is irresponsible: https://www.mywot.com/en/scorecard/12345.google.it


Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: sub-domains reputation

Post by Jazspeak » Sun Aug 26, 2012 5:11 pm

<quote user="th3br41n">
"WOT already does something like this when shows the scorecard of a subdomain..."
[/quote]

Isn't that the problem, though? WOT has to create a scorecard for every subdomain, and with such an unrestricted search then there will be an unrestricted generation of WOT scorecards, many of which will be subdomains that do not actually exist but will have been generated by the search terms, and which all have to be processed and stored.

th3br41n
Posts: 1184
Joined: Sat Feb 25, 2012 1:45 am

RE: sub-domains reputation

Post by th3br41n » Sun Aug 26, 2012 5:15 pm

<quote user="jazspeak">
Isn't that the problem, though? WOT has to create a scorecard for every subdomain, and with such an unrestricted search then there will be an unrestricted generation of WOT scorecards, many of which will be subdomains that do not actually exist but will have been generated by the search terms, and which all have to be processed and stored.
[/quote]

no need to create scorecards for each subdomain, please read the entire thread...

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: sub-domains reputation

Post by Jazspeak » Sun Aug 26, 2012 5:26 pm

<quote user="th3br41n">
"no need to create scorecards for each subdomain, please read the entire thread..."
[/quote]

I have already been reading the entire thread before adding my tuppence worth.

I should have thought it quite obvious that being able to rate directly on scorecards rather than actually having to visit the site to verify its existence means that the WOT system has to generate each scorecard to be rated. Then when you look in your ratings list (that only you can see) there will be a link to the generated scorecard.

The number of generated scorecards would quickly increase, and it is clear that a large percentage of the generated scorecards will be for subdomains that do not exist but take up increasingly precious resources on the WOT system.
