November 10, 2006

Hack Reveals How To Remove Sites From MSN Live Search?

Boogybonbon.com has revealed how you can potentially de-list your competitor's site from Microsoft's search engine. In short, most sites return a 200 status code when you request a page like domain.com/index.html?test=test or domain.com/index.html?test=test1234, etc. You can play on that by convincing Microsoft that a particular site has hundreds or thousands of duplicate pages, and at some point, Microsoft may hit the site with a duplicate content penalty, where they de-list the site and its home page. That is the short story; if you want the long write-up, visit Boogybonbon.com.

Postscript: Other coverage at Threadwatch and Search Engine Watch Forums.

Posted by Barry Schwartz at 9:32 AM | Permalink
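
What a site owner can do about the behaviour described above, as an added example (not code from Boogybonbon.com or from this post): answer with 200 only for one canonical form of each URL, send a 301 for every query-string variant, and count how many variants of each page a request log contains. The paths and allowed parameter names are assumptions made up for the illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the site knows which query parameters each page really uses.
# These paths and parameter names are invented for the example.
ALLOWED_PARAMS = {
    "/index.html": frozenset(),
    "/search": frozenset({"q", "page"}),
}


def canonicalize(url):
    """Return the single canonical form of url, or None for an unknown path."""
    parts = urlsplit(url)
    allowed = ALLOWED_PARAMS.get(parts.path)
    if allowed is None:
        return None
    kept = {}
    # Drop unknown parameters, blank values and repeated keys.
    for key, value in parse_qsl(parts.query, keep_blank_values=False):
        if key in allowed and key not in kept:
            kept[key] = value
    # Sort so that ?a=1&b=2 and ?b=2&a=1 collapse to the same URL.
    query = urlencode(sorted(kept.items()))
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path, query, ""))


def respond(url):
    """Decide the status for a request: (status, redirect_target_or_None)."""
    canonical = canonicalize(url)
    if canonical is None:
        return 404, None
    if canonical != url:
        # A variant such as ?test=test1234 is never served as its own page.
        return 301, canonical
    return 200, None


def duplicate_exposure(requested_urls):
    """Count distinct requested URLs per canonical page.

    A high count for one page means many variants of it were requested, each
    of which a server without canonicalization would answer with its own 200.
    """
    variants = {}
    for url in requested_urls:
        canonical = canonicalize(url)
        if canonical is not None:
            variants.setdefault(canonical, set()).add(url)
    return {page: len(urls) for page, urls in variants.items()}


# Constructed sample of requested URLs, in the style of the post's examples.
SAMPLE_REQUESTS = [
    "http://domain.com/index.html",
    "http://domain.com/index.html?test=test",
    "http://domain.com/index.html?test=test1234",
    "http://domain.com/search?q=msn&page=2",
    "http://domain.com/search?page=2&q=msn",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", respond(request))
    print(duplicate_exposure(SAMPLE_REQUESTS))
```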

November 9, 2006

Google Sends Porn Worm To 50,000+ Subscribers

'Porn' worm sent to 50,000 after Google blunder from Silicon.com covers how Google accidentally sent a worm to the official Google Video Blog email list.

The worm apparently came in the form of pornography sent to the group, which had over 50,000 subscribers at the time. The Kama Sutra email, also known as the W32/Kapser.A worm, was "designed to overwrite files on infected computers on a specific date."

If you got this email and downloaded the file, it is important that you run antivirus software on your computer. Google promised to try to not do that again.

Postscript From Danny: Google has a post about it here, which gives them a chance to pitch getting free antivirus software through the Google Pack.

Posted by Barry Schwartz at 7:43 AM | Permalink

October 18, 2006

Another Odd Post To An Official Google Blog Raises Security Concerns

Does another odd post to one of Google's official blogs mean Google is losing it in terms of security? It spurred Michael Arrington to fire up a list over at TechCrunch of other security issues, a couple of which I wouldn't agree were breaches. But I can add to the list as well, and there's no doubt these types of things hurt Google when, during its expansion, it needs all the goodwill and trust it can get.

Yesterday, Google Blogoscoped wrote about a strange post on Blogger Buzz, the official blog for Google's Blogger. It turned out to be a case of someone who writes for the Blogger Buzz accidentally posting something meant for her personal blog on Blogger to the official one.

I can completely sympathize with this. About two weeks ago, I posted something to the Search Engine Watch Blog that I meant for my personal blog Daggle. Both use Movable Type, on completely different systems. But I had browser windows open to both of them and just picked the wrong one.

Unfortunately, the mistaken post (which is still up on Blogger Buzz for me) comes about a week after the Official Google Blog was hacked with a fake post. Add that to some other things, and people might be getting worried.

That's certainly Michael Arrington's view at TechCrunch. He writes:

The fact that unauthorized document access is a simple password guess or government “request” away already works against them. But the steady stream of minor security incidents we’ve seen (many very recently) can also hurt Google in the long run. Running applications for businesses is serious stuff, and Google needs to be diligent about security.

Another minor incident came up this evening - a Google employee intended to post on her personal blog and wrote on the official Google blog covering Blogger instead....

Google product teams work in cells, which allows them to quickly launch and iterate products. However, there could be a disadvantage to this as well with regard to security, as there does not seem to be one central policy or security group ensuring strict compliance across the entire company. Every security incident damages Google’s credibility and reputation. Microsoft has been dealing with security issues forever - Google may need to start fighting the same war.

The post includes eight examples of security incidents since 2004. Some I don't agree with, but others I do -- and there are more not on the list. I posted about these at TechCrunch, but my comments aren't showing yet (and possibly didn't go through properly). Here's what I wrote:

Goodness knows I'm not going to defend them on a lot of this stuff. The repeated problems with Blogger security are becoming absurd. Three strikes on their own blog? But Mike, some perspective is probably in order.

Accidentally released Platypus? Sounds like Philipp has a contact at Google that leaked it to him. I suppose that's a security issue, but it's not really a user security issue. Lumping it in there doesn't feel fair. And if you're going to do that, then any time someone from any company leaks you something, you should be reporting that as a security breach from that company.

Some of the other items are iffy on the user security side. They left stuff in a Writely doc, similar to how they left stuff in that analyst presentation a few months before. Sloppy, yes. Security breach, no. Worthy of concern? Yes, because sloppy there could mean sloppy elsewhere.

To add others to your list:

Overall, I agree with you. These incidents hurt Google's reputation and the trust users may have with them. What I can't tell is how they stack up in trust compared to someone like Microsoft. I suspect they're still well ahead there. But it's not "may need" to fight the war. They're in that war now, and every new app increases their exposure to exploits.

Posted by Danny Sullivan at 7:40 AM | Permalink

October 9, 2006

Official Google Blog Gets Hacked After Message On Security

The Official Google Blog was hacked over the weekend, happening embarrassingly after Google had just posted about how seriously it takes security. It also follows a pseudo-hack earlier this year, when someone else took over the Google Blog when the company accidentally deleted it.

The hack was covered in various places. Google Blogoscoped has a good write-up on what was initially posted (and screenshot here), an anonymous message saying that Google's click-to-call project had been cancelled:

After concientiously considering, Google has decided not to continue with Google Click-to-call project. The project has been in the media on last days because of the notice of Google agreement with e-Bay. We finally consider click-to-call agreement with e-Bay a monopolistic aproach that would damage small companies in the CRM area.

It felt like a hack to many, certainly to me as well, and I posted the same to Google Blogoscoped:

Got to be a hack. Especially notice what's currently tops on the Google blog, a post all about how "Google takes security very seriously and designs all of its services and applications to protect your privacy and data security." This almost certainly is someone reading how "we keep the bad guys out of our systems" and thumbing Google's nose to show nope, they don't.

That post from the Google Blog about security says in full:

Most readers of this blog are familiar with our mission to organize the world's information and make it universally accessible and useful. Maintaining the trust of our users and ensuring a positive experience using our products and services is paramount to our ability to accomplish our mission. As a result, Google takes security very seriously and designs all of its services and applications to protect your privacy and data security. Behind the scenes of these efforts is the Google Security Team. We keep the bad guys out of our systems and have brought you features like the anti-phishing extension in Google Toolbar and warnings about Internet malware. As part of our commitment to security, we're putting up some additional help content to let users and security researchers know how to quickly contact us on these issues. We've learned that when security is done right, it's done as a community, and this includes everybody: the people who use Google services (thank you all!), the software developers who make our applications, and the external security enthusiasts who keep us on our toes. These combined efforts go a long way toward making the Internet safer and more secure. Please visit our new security page and feel free to contact us anytime at security@google.com.

The post is incredibly ironic given what's now posted at the top of the blog:

A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog last night, claiming that we've discontinued our AdWords click-to-call test. The bug was fixed quickly and the post removed. As for the click-to-call test, it is progressing on schedule, and we're pleased with the results thus far.

A bug, also known as a security problem. So much for that trust Google was hoping to maintain with its users. It also happens ironically after publicity about Google shifting attention to improving existing projects, rather than rolling out new ones.

Philipp Lenssen at Google Blogoscoped pointed out what a nice visual contrast the two posts make and posted a screenshot. I couldn't help doing the same:

In March, Google deleted its own blog accidentally, allowing someone else the ability to claim the old Google URL and keep the blog running for a short time outside of Google's control. Official Google Blog Deleted, Blogger Registers googleblog.blogspot.com has more about that.

Finally, the hacked post was published by someone calling themselves Maximal. I found a post from another Maximal on Google Groups asking for help recently with the Google Data API.

Hi, I am making tests with Google Data API to publish my posts. The problem is ... my posts are being published into "the Honourable Dr Mantombazana Tshabalala-Msimang South Africa's Minister of Health" blog (I don't have to say I am not the minister of health of South Africa).

Any help before Honourable Minister of Health of South Africa would speak with Interpol would be appreciated.

Perhaps related?

Posted by Danny Sullivan at 6:16 AM | Permalink

August 4, 2006

Google Provides Warnings Of Potentially Hazardous Search Results

Philipp Lenssen found a Google Systems post that discovered Google now provides an intermediary page, for some search results, informing you that the result you clicked on may "harm your computer." You can see this intermediary page for yourself by clicking here; it looks like Google is calling it an interstitial page. Why even list the site in the search results if it may be harmful to your computer? Well, the key terms are "may be harmful," so let the user decide. I wonder if these potentially risky pages get some sort of downgrade in rankings?

Posted by Barry Schwartz at 9:35 AM | Permalink

July 31, 2006

Yahoo Finance Hacked & Defaced

Zone-H reports that earlier today, Yahoo's Finance section at biz.yahoo.com was hacked into and defaced. I have not seen any official confirmation or report from Yahoo on this story. They have mirrored the defacement here and here.

Posted by Barry Schwartz at 10:19 AM | Permalink

July 18, 2006

Malware Search Engine Powered By Google

H.D. Moore of Metasploit designed a vertical search engine using the Google API to search specifically for malware. The search engine can be found here.

This follows news last week of a private search engine having been developed to do the same thing.

Ryan Naraine at eWeek has an excellent write up on how the engine works, describing that the search engine has been coded with 300 malware signatures with hopes to increase that to 6,000. The engine then searches the web according to Google and finds executable files that match those signatures.

Steven Bryant from Google Watch notes that Metasploit changed the logo to "censor" it after possibly receiving a cease and desist letter from Google. Here is the before and after.

Looks to me that Metasploit is having fun with this. I really don't know if Google complained to Metasploit that he used the colors of the Google logo for this logo. But it is funny, nonetheless.

Now, is this a good thing for the public to have access to? I got other news to report, you can debate that question yourself.

Posted by Barry Schwartz at 8:47 AM | Permalink

July 12, 2006

Google Pages & Yahoo Geocities Phishing Attacks

We learn from VNUnet.com that there are phishing scams on Google Pages and we also learn from Slashdot that Yahoo's Geocities has a similar issue. An email goes out telling people they can win a "$500 cash prize, and that the money can be paid automatically if they click on the embedded web link."

Posted by Barry Schwartz at 10:53 AM | Permalink

July 10, 2006

Google Binary Search Not Only Finds Malware But Also Shows Signs Of More

PCWorld reports that Google's binary search feature came in handy to locate "thousands of malicious Web sites, as well as several legitimate sites that have been hacked." The feature reads executable files and can locate some malicious code within those files. It was used to help find malicious sites and programs by a security vendor named Websense. The article also explains that binary search may be a sign that "Google may be thinking about becoming a file searching service."

Posted by Barry Schwartz at 8:15 AM | Permalink

July 6, 2006

Google Fixes XSS Security Holes

A security vulnerability in Google, discovered and posted at ha.ckers.org, was patched quickly by Google. Both Philipp Lenssen and JasonD posted about the XSS hole that enables hackers to deploy phishing scams, cookie stealing, and creation of worms. Matt Cutts of Google was quick to reply to the Threadwatch post stating that the hole was "either fixed or the fix is going out."

Posted by Barry Schwartz at 9:00 AM | Permalink

June 26, 2006

Follow-Up: School Couldn't Reach Google Until Injunction Filed

Catawba County Schools in North Carolina obtained an injunction to remove private material from Google because it had no luck getting action from the search engine after trying other routes, the district tells me. The school district also stressed that it didn't claim that Google had somehow hacked into its servers. Here's what Catawba County Schools' chief technology officer Judith Ray emailed me about the situation:

We asserted that Google had somehow bypassed our login information, not that they had hacked their way into the system. Hacking, to me assumes malicious intent and we never intended to imply that Google was doing anything other than spidering all the web sites available.

There is also miscommunication about "all users" being required to log in. The DocuShare server is a repository for both public and private information with logins being required for users who are authorized to view the restricted information. There are hundreds of pages of information that we share from DocuShare with users around the state. These are completely open and are not supposed to [be] password protected.

We did troubleshoot this situation by searching for the students' information at Yahoo, Dogpile, and AltaVista. We did not find any information on these three search engine returns and we attempted the searches over a three-day period.

We acted so aggressively with Google because, until the media got involved, we could not get beyond an operator at Google. We could not get operators to connect us with technical support, the legal department, or to anyone higher up in the organization. We were only given an email address to which we could submit a complaint - which we did but got no response. Google has a link to submit an emergency request [see here] but on both Thursday and Friday of last week, the link took you to a dead page. Only when the news media submitted its own inquiry to Google did we get a call regarding the situation. And [Google] has been most helpful in working through this situation with us.

Of course, none of us who are employed with Catawba County Schools at the current time were involved when Xerox set up this server. We are trying to ascertain if the server was incorrectly setup/protected or if the appropriate include meta tags or strings were not included.

Google Blamed For Indexing Student Test Scores & Social Security Numbers from us earlier has more background on the injunction plus how I was finding pages from what the district said was a password protected area to still be available through Yahoo. As clarified above, some of these pages indeed didn't require a login to view.

Our story originally was headlined "Google Blamed For Hacking & Indexing Students Test Scores & Social Security Numbers" and said in one part, "the school [district] blames Google for some how breaking into a password protected area and indexing the content."

As stated above, the school district itself never appears to have said anything about being hacked, only that Google somehow got into information it believed was password protected, as it says on the home page of the district site:

We do not know how Google was able to access the secure, password-protected site. Once Google does access a site, it places a copy of the data on its own server. We immediately called and emailed Google, requesting the urgent removal of the link and site data. We have eliminated the link from our end and it appears that as of Friday night, June 23, 2006, Google eliminated the site from their end.

The hacking reference seems to come from the "Google 'hacked our website'" story at The Inquirer, which we linked to in our original story. While the headline says "hacked" in quotes, the story itself doesn't have anyone from the school district saying this.

Digg also has a School claimed google hacked it's private servers and then posted that data article. Again, the school district isn't alleging hacking, only that Google somehow got into information it believed was restricted. How that happened is still being investigated.

As for the reference to Xerox in the school district's explanation, in doing some investigating in our original piece, I noted that the server seemed to be managed by Xerox and shared by other companies as well, with material for those companies appearing to be hosted on the school district's domain. As noted, the school district doesn't know why this was happening, and it remains something they are looking at.

Finally, Google's had problems with the automated page removal tool before, though then the problem was not that it was down but that it allowed people to remove pages from sites they didn't own. More on that in our 2004 story, Google Confirms Automated Page Removal Bug.

Posted by Danny Sullivan at 1:35 PM | Permalink

Follow-Up: School Couldn't Reach Google Until Injunction Filed

Catawba County Schools in North Carolina obtained an injunction to remove private material from Google because it had no luck getting action from the search engine after trying other routes, the district tells me. The school district also stressed that it didn't claim that Google had somehow hacked into its servers. Here's what Catawba County School's chief technology officer Judith Ray emailed me about the situation:

We asserted that Google had somehow bypassed our login information, not that they had hacked their way into the system. Hacking, to me assumes malicious intent and we never intended to imply that Google was doing anything other than spidering all the web sites available.

There is also miscommunication about "all users" being required to log in. The DocuShare server is a repository for both public and private information with logins being required for users who are authorized to view the restricted information. There are hundreds of pages of information that we share from DocuShare with users around the state. These are completely open and are not supposed to [be] password protected.

We did troubleshoot this situation by searching for the students' information at Yahoo, Dogpile, and AltaVista. We did not find any information on these three search engine returns and we attempted the searches over a three-day period.

We acted so aggressively with Google because, until the media got involved, we could not get beyond an operator at Google. We could not get operators to connect us with technical support, the legal department, or to anyone higher up in the organization. We were only given an email address to which we could submit a complain - which we did but got no response. Google has a link to submit an emergency request [see here] but on both Thursday and Friday of last week, the link took you to a dead page. Only when the news media submitted its own inquiry to Google did we get a call regarding the situation. And [Google] has been most helpful in working through this situation with us.

Of course, none of us who are employed with Catawba County Schools at the current time were involved when Xerox set up this server. We are trying to ascertain if the server was incorrectly setup/protected or if the appropriate include meta tags or strings were not included.

Google Blamed For Indexing Student Test Scores & Social Security Numbers from us earlier has more background on the injunction plus how I was finding pages from what the district said was a password protected area to still be available through Yahoo. As clarified above, some of these pages indeed didn't require a login to view.

Our story originally was headlined "Google Blamed For Hacking & Indexing Students Test Scores & Social Security Numbers" and said in one part, "the school [district] blames Google for some how breaking into a password protected area and indexing the content."

As stated above, the school district itself never appears to have said anything about being hacked, only that Google somehow got into information it believed was password protected, as it says on the home page of the district site:

We do not know how Google was able to access the secure, password-protected site. Once Google does access a site, it places a copy of the data on its own server. We immediately called and emailed Google, requesting the urgent removal of the link and site data. We have eliminated the link from our end and it appears that as of Friday night, June 23, 2006, Google eliminated the site from their end.

The hacking reference seems to come from the "Google 'hacked our website'" story at The Inquirer, which we linked to in our original story. While the headline says "hacked" in quotes, the story itself doesn't have anyone from the school district saying this.

Digg also has a School claimed google hacked it's private servers and then posted that data article. Again, the school district isn't alleging hacking, only that Google somehow got into information it believed was restricted. How that happened is still being investigated.

As for the reference to Xerox in the school district's explanation, in doing some investigating in our original piece, I noted that the server seemed to be managed by Xerox and shared by other companies as well, with material for those companies appearing to be hosted on the school district's domain. As noted, the school district doesn't know why this was happening, and it remains something they are looking at.

Finally, Google's had problems with the automated page removal tool before, though not that it was down but instead allowing people to remove pages from sites they didn't own. More on that in our 2004 story, Google Confirms Automated Page Removal Bug.

Posted by Kevin Heisler at 1:35 PM | Permalink

Google Blamed For Indexing Student Test Scores & Social Security Numbers

Google "hacked our website" from The Inquirer points to Blame game from the Hickory Record, a story about how the Catawba County Schools in North Carolina has gained a temporary injunction for "Google to remove any information pertaining to Catawba County Schools Board of Education from its server and index and alleges conversion and trespass against the corporation." The school blames Google for somehow getting into a password-protected area and indexing the content.

Let me make this clear: Google cannot submit forms or type in usernames and passwords. Someone at the school must have left an opening for Google. The security hole possibly came from someone publishing the content publicly, somehow, or from letting down the security, or from posting a hyperlinked URL with an embedded password in the URL.

I agree, Google should remove this sensitive information, which they did on Friday after the judge issued the temporary injunction. But Google should not be blamed for this.

Postscript From Danny: As Barry notes, this isn't a case of Google deserving blame. It cannot guess at a protected server's usernames or passwords, nor is it configured to try and hack its way in. If this information got into Google, that's almost certainly because it was left unprotected somehow despite the school's "very secure site."

Since the school says all personal information has now been removed and is protected, I'll explain more about what I guess happened.

The story mentions that somehow, information from the site's supposedly protected DocuShare server got onto the web. OK, where is that server? The story doesn't say, but this search over at Yahoo gives the likely location:

docushare catawba

Fifth down is this:

DocuShare Authorization Error Not Authorized. You are currently listed as Guest, which means you are not logged in. ... Password: Domain: DocuShare Catawba County. Copyright 1996-2003 Xerox Corporation ... docucentre.catawba.k12.nc.us/docushare/dsweb/View/Collection-1546 - 6k - Cached - More from this site - Save

That shows you that Yahoo tried to access a protected page on the DocuShare server at docucentre.catawba.k12.nc.us. Is this the secure server that Google somehow managed to penetrate? Probably, given that this search shows nothing at Google now:

site:docucentre.catawba.k12.nc.us

That search comes up with no matches. That's probably because Google responded to the complaint last Friday to remove all pages from this domain. But since no one contacted Yahoo, there's a good chance pages from the domain still show over there. And in fact, that search at Yahoo currently shows 13,500 matches.

Are any of these pages the ones with sensitive information? I did some searches that I felt should bring up whatever the page was that Google was finding and had no luck. This means:

  • Yahoo didn't have it, because it didn't crawl as deep
  • Yahoo didn't have it, because Google really did somehow manage to get past a password barrier
  • Yahoo didn't have it, because I'm not guessing at the right words in the document

Yahoo clearly has some information, yet the school district itself says:

This site was a DocuShare password-protected site that required all users to log-in

No, not all users had to log in. If that were the case, you wouldn't see any cached documents at all, such as this one. Clearly, some content was accessible without being logged in -- which makes it possible that some content wasn't properly placed behind password protection.

Postscript 2: See our follow-up, Follow-Up: School Couldn't Reach Google Until Injunction Filed

Posted by Barry Schwartz at 8:51 AM | Permalink
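
The distinction drawn in the post above, between a page that actually refuses a guest and one that only looks protected, can be checked by fetching supposedly restricted URLs without logging in and classifying what comes back. This is an added example, not part of the original post or of DocuShare; the `Response` records, host name, paths, marker list and parameter names are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

# Phrases from the indexed DocuShare error page quoted in the post.
DENIAL_MARKERS = ("not authorized", "you are not logged in")
# Query parameter names treated as secrets (assumed list; extend per application).
SECRET_PARAMS = {"password", "passwd", "pwd", "token"}
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)


@dataclass
class Response:
    """What an anonymous client (such as a crawler) received for one URL."""
    url: str
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def url_carries_credentials(url):
    """True if the link itself would admit anyone who follows it."""
    parts = urlsplit(url)
    if parts.password is not None:          # http://user:secret@host/...
        return True
    return any(k.lower() in SECRET_PARAMS for k in parse_qs(parts.query))


def has_noindex(resp):
    """Look for noindex in the X-Robots-Tag header or a robots meta tag."""
    for name, value in resp.headers.items():
        if name.lower() == "x-robots-tag" and "noindex" in value.lower():
            return True
    for tag in META_TAG.findall(resp.body):
        low = tag.lower()
        if re.search(r"name\s*=\s*[\"']?robots", low) and "noindex" in low:
            return True
    return False


def classify(resp):
    """denied: server refused; soft-denied: 200 with an error page; exposed: 200 with content."""
    if resp.status in (401, 403):
        return "denied"
    if resp.status == 200:
        text = resp.body.lower()
        if any(marker in text for marker in DENIAL_MARKERS):
            return "soft-denied"
        return "exposed"
    return "other"


def audit(responses):
    """Return one finding per URL. noindex only hides a page from search
    results; an 'exposed' verdict is an access-control failure either way."""
    findings = []
    for resp in responses:
        verdict = classify(resp)
        findings.append({
            "url": resp.url,
            "verdict": verdict,
            "indexable": verdict in ("soft-denied", "exposed") and not has_noindex(resp),
            "credentials_in_url": url_carries_credentials(resp.url),
        })
    return findings


# Constructed sample responses to anonymous requests (not real captures).
BASE = "https://docs.example.org/dsweb"
SAMPLES = [
    Response(BASE + "/View/Collection-0001", 200,
             body="<title>Authorization Error</title> Not Authorized. "
                  "You are currently listed as Guest, which means you are not logged in."),
    Response(BASE + "/Get/Document-0002/scores.html", 200,
             body="<html><h1>Test scores</h1></html>"),
    Response(BASE + "/View/Collection-0003", 401,
             headers={"WWW-Authenticate": 'Basic realm="docs"'}),
    Response(BASE + "/View/Collection-0004?user=staff&password=CONSTRUCTED", 200,
             headers={"X-Robots-Tag": "noindex"}, body="<html>Staff roster</html>"),
    Response(BASE + "/View/Collection-0005", 200,
             body='<meta name="robots" content="noindex,nofollow"> Not Authorized.'),
]

if __name__ == "__main__":
    for f in audit(SAMPLES):
        print(f"{f['verdict']:<12} indexable={f['indexable']!s:<5} "
              f"creds_in_url={f['credentials_in_url']!s:<5} {f['url']}")
```

The first sample reproduces the situation in the Yahoo listing: the server answers a guest with an error page rather than a refusal, so the error page itself ends up in the index.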

June 14, 2006

Clickbot.A Click Fraud Network Dismantled

ClickZ reports that the Clickbot.A virus, which infected 34,000 machines (last report more than 50,000 PCs) and auto-clicked on an unknown number of PPC ads, has been shut down. Panda Software and RSA Security worked together to dismantle the virus. Read the full details over at Panda Software.

Posted by Barry Schwartz at 9:01 AM | Permalink

June 13, 2006

Yamanner Worm Targets Yahoo Mail Users

Silicon.com reports on a Yahoo Mail worm named Yamanner that comes in the form of an email named "New Graphic Site." When you open the email, it infects your computer and spreads the worm to your Yahoo Mail address book.

Posted by Barry Schwartz at 11:20 AM | Permalink

May 17, 2006

Belgian Company Suing Google Over Google Suggest Suggestions

Philipp Lenssen points to a press release that shows that when you begin to type "ServersCheck" at Google Suggest, it brings up "ServersCheck Crack," "ServersCheck Serial," and other suggested searches for illegal versions of the ServersCheck products. Is this just a ploy for ServersCheck to get some free PR? Google Suggest is used on the Google Toolbar and was added to the Firefox toolbar.

Posted by Barry Schwartz at 9:46 AM | Permalink

May 12, 2006

5% Of Search Results Lead To "Dangerous Sites"

Andy Beal reports on a Wall Street Journal article that claims 9% of paid search ads lead to "dangerous sites." By comparison, three percent of organic results lead to risky sites. So on average, the article shows that "roughly 5% of the search results on average were risky sites." The SiteAdvisor study estimates a searcher will click to an "unsafe site from a search engine once every 15 days." Risky sites are defined as sites that can "infect consumers' personal computers or expose them to nuisances such as spam email."

Postscript by Detlev Johnson: You can find additional information at BBC with respect to natural listings that lead to risky sites. As much as 4-6% of search results in natural listings are categorized as risky, while sites in the sponsored listings can be 2-4 times as numerous.

The sheer volume of clicks this can account for is scary - 285 million per month. Search engines are known to try limiting their users from accessing risky sites through their search engines; at least as much as they combat spam. Their efforts will need to continue and be ongoing similarly to fighting search engine spam.

Posted by Barry Schwartz at 9:16 AM | Permalink

March 3, 2006

Gmail Fixes JavaScript Security Hole

Via Slashdot, Vulnerability in Gmail covers how JavaScript code sent from Yahoo Mail to Gmail reportedly would run in the preview pane of Gmail. Google quickly fixed this security hole, as reported by News.com soon after.

Posted by Barry Schwartz at 9:07 AM | Permalink

February 20, 2006

Google Account Security Breach with Book Search

Philipp Lenssen reports a Google Book Search Security Hole where someone can log in to your Google account if they somehow get access to the URL string of your Google Book search result page. This is how it works: a person goes to book.google.com, does a special search, clicks on a result, logs in, and then copies the URL and sends it off to a friend. When the friend gets the URL and clicks on it, it should log the friend in to Google as the person who sent the link, giving the friend access to Google Account information that is not his.

Posted by Barry Schwartz at 8:46 AM | Permalink

January 20, 2006

Weinberg on Blocking Certain Types of Search Queries and the Precedent It Might Be Setting

Nathan Weinberg at InsideGoogle reports that Google and MSN might be blocking certain query strings used by "script kiddies" and other hackers. Nathan reports that he hasn't been able to confirm this on his own and asks for help. Weinberg then moves into a thought-provoking discussion that asks some important questions about the implications of blocking queries. He writes that in some cases, like looking for vulnerabilities, blocking is a public service, but he's not sure of the precedent it might be setting, assuming this is actually happening in the first place.

Weinberg writes: What if, in the future, Google decides to block all commonly used searches that can be used to harm others. For example, what if Google decides to block i am 9..12 years old, a query that can be used by pedophiles to find children of a certain age range? What if Google decided to block searches for gun trade shows, or steroids, or porn?...Even as Google fights the Department of Justice for our privacy rights, it is important to remember that we have the right to search for the wrong things.

Kudos to Nathan on an excellent post.

Posted by Gary Price at 6:10 PM | Permalink

January 4, 2006

Malware Alters Google AdSense Links

Via JenSense, Trojan Horse program that targets Google Adsense ads has been detected by an Indian Web publisher at TechShout covers malware that replaces Google AdSense links with ads for other sites.

Posted by Danny Sullivan at 10:08 AM | Permalink

December 29, 2005

Malik Looks at Issues for Google AdSense and Other Ad Programs in 2006

Om Malik has compiled and written an excellent post that discusses what might be some big issues for AdSense and other programs in 2006. Om writes:

From scraper sites, to click fraud to trojan horses, looks like the most profitable money making mechanism, aka AdSense might be facing some tough times.

Malik's post includes links to articles from:

+ Paul Kedrosky: Kedrosky predicts that click fraud will go "mainstream" in 2006.

Kedrosky writes: With some estimating that in certain categories click-fraud accounts for as much as 20% of fees, this is a stock-schwacking issue, one that threatens the core of Google's advertising business.

+ Charles Mann's new three page article in Wired titled: How Click Fraud Could Swallow the Internet

and a very interesting report from TechShout whose title says it all: A Trojan Horse program that targets Google ads has been detected by an Indian Web publisher.

Om adds that: TechShout folks say that Google AdSense team confirmed the existence of these problems.

As the 80's group Asia tells us, "only time will tell."

Posted by Gary Price at 3:15 PM | Permalink

December 2, 2005

A Flaw C