
Ugh.. this is the same problem that exists with Web of Trust. Too easily gamed, entire sites hurtfully (and wrongfully) flagged.

The more cynical side of me would say that MS got a chuckle out of this. After all, Dropbox is a competitor to SkyDrive.



I have assisted a number of companies in resolving these types of blocking issues. In 100% of cases it was not any system being "gamed." The culprit is always a hacked webserver hosting a phishing page, an open URL redirector being used in a massive spam campaign, or something else equally evil.

Only in rare cases will the company in question sheepishly admit they fucked up. Most of the time the site remains tight-lipped, or blames $browservendor and maintains their innocence.


If you want to tell me WoT isn't gamed, install the toolbar and then go visit the MPAA's website.

As far as malware goes, vendors should exclude domains which are basically user-administrated file lockers. Someone uploading a file which may or may not be sketchy should never be cause for blocking of the entire freaking subdomain!


At which point, how do you identify which is a user-specific issue vs a site or fractional-site wide one?

And who's responsible for building that list? Does the vendor have to add things manually? Is there a submission process? How do you stop genuine malware sites from hosting multiple copies on subdomains and claiming innocence?

What about where you don't use subdomains, but a URL structure like example.com/user/file/?

Making exceptions always sounds like the easy option, until you have to try doing it, and running it at any scale.


>At which point, how do you identify which is a user-specific issue vs a site or fractional-site wide one?

Separate subdomains, having a human spend 30 seconds clicking around and deciding "Oh, this is a file locker. Obviously not a malware host or infected site. Whitelisted".

>And who's responsible for building that list? Does the vendor have to add things manually? Is there a submission process?

The vendor. Which is how it's done already. So yes and depends.

>How do you stop genuine malware sites from hosting multiple copies on subdomains and claiming innocence?

This is Dropbox, not TotallyLegitFiles302.ru

I see what you're getting at, but something this high visibility (and obviousness to pretty much everyone) points to something rotten in their process somewhere.

Furthermore, it's more effective and efficient to just register a new domain than to haggle (in broken English, another red flag) with the platform owner.


Try http://www.webutation.net/go/review/dropbox.com?req=bkmlet, it has more sources. Google broke its complete safebrowsing a few months ago too, the same way!



