Hackers Launch Goolag: A Google Vulnerability Scanner

"Hackers turn Google into vulnerability scanner" from Techworld reports that a group of hackers named Cult of the Dead Cow (CDC) launched a search tool powered by Google to help see if your sites are vulnerable to a hacking attempt. The tool is named Goolag; typing in a domain name may return that site's vulnerabilities. Techworld reports the tool makes "it easy for unskilled users to track down vulnerabilities and sensitive information on specific Web sites or broad Web domains." The tool uses the Google Custom Search engine and has a detailed specification on how it works. "It's no big sec [...]


Gmail User Gains Access To 30 Other Gmail Accounts Due To ISP Caching Glitch

"Google says ISP glitch exposes Gmail data in Kuwait" from News.com has confirmed reports that a Gmail user in Kuwait has inadvertently accessed about 30 Gmail accounts that were not his. Supposedly, he also accessed an email that had "keycodes for some embassy gate." Whose fault is this? Not Google! A Kuwaiti ISP was having some major caching issues, which resulted in people seeing other people's content when accessing the same URL. Have you ever gone to a web page on your computer and noticed that it was showing old content? That is a web page's cache. Typically holding down the shift a [...]


Google Study: 1.3% Google Searches Return At Least One Malicious Result

"Web Browsing, Search, And Online Ads Grow More Risky, Google Says" from InformationWeek reports on a recent Google study named "All Your iFRAMEs Point to Us" that shows 1.3% of Google searches returned at least one malicious result. Niels Provos, a security engineer at Google, led the study, which took 10 months of data containing billions of URLs. The data collection period was between January 2007 and October 2007. They checked 66,534,330 URLs and found that 3,385,889 URLs were "suspicious" and 3,417,590 URLs were malicious, pointing to 181,699 landing sites. But the real impact to the end [...]


Report: Hacked Pages Remain In Search Engines’ Caches

Search Engine Journal reports that online security firm Aladdin Knowledge Systems identified a potential "flaw, which allows the search engines to deliver malicious pages that have already been removed from the web." What that means as a practical matter is that hacked pages, which have already been taken down or otherwise cleaned up, may still be visible to end users through Web search via caching, which generally speeds up delivery of search results. The following statement was provided by Yahoo: "Yahoo! is committed to protecting its users from malicious sites on the Web and we follow up [...]


Google Adds Report Malicious Software Form

In the aftermath of the major malware attack that hit search results, the Google Online Security Blog announced the launch of a new form to report malware showing up in Google results. "Google Cleans Up Returns; Yahoo Not So Much" from eWeek has a look at how Google has quickly cleaned up the malware from their search results, while Yahoo has taken a slower approach. [...]


Search Spam Is Getting More Dangerous Every Day

Search spam, using techniques that manipulate the search results, feels like it is getting more dangerous every day. Some search spammers go as far as hacking sites to inject link spam into unsuspecting web pages. And some go even further by polluting the search results with nasty malware. Yesterday we covered a story about a serious malware issue in the search engines, where hundreds of pages were being returned by Google, Yahoo, Live and other search engines that contained harmful malware. Today, a WebmasterWorld thread pointed me to "Spammers hack Al Gore's climate site" from Vnunet. In [...]


Malware Hits Search Results — Google’s Malware Warnings Not Working?

"Subverted search sites lead to massive malware attack in progress" from ComputerWorld reports that Google, along with Yahoo and Live Search, has been targeted in a massive attack that puts links leading to malware sites into top search results. Alex Eckelberry, Sunbelt Software's CEO, said "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages." The pages are specifically being returned by search engines in their organic results (not the paid results). Eckelberry explains, "They get themselves on to Google, then redirect people to their [...]


Google Presentations Security Issue Leaked Email Addresses

Nathan Weinberg reports that Google fixed a security issue with the new Google Presentations, which leaked user email addresses to the public. What happened was that when webmasters tried to embed presentations into their web pages, it would then log people into Google Talk via their Google Account. After they logged in, to view the presentation and to chat, it would display the user's email address to all those who wanted to see it. Nathan reports Google has fixed the security issue about 15 hours after Google Presentations went live. [...]


Yahoo’s Right Media Serves Up Trojan Ads For Three Weeks

"Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users" from The Register reports that Yahoo's newly acquired Right Media served up ads with Trojan viruses for three weeks during the month of August. The flash ads reportedly contained a file that installed a Trojan back door on vulnerable Windows machines running Internet Explorer. The ads ran on MySpace, PhotoBucket, TheSun.co.uk, Bebo.com and UltimateGuitar.com. The Trojan required three criteria to be met to cause issues on the Windows machine. First, the user had to be using IE on a Windows machine. Second, the Windows machin [...]


Search Results Getting Safer

The State of Search Engine Safety was released by Site Advisor today. In this report, we learned that search results are now safer than they were a year ago. 4% of the search results link to risky sites, down from 5.0% reported last year. Sponsored results are 2.4 times more likely to have links to risky sites compared to the natural results. Today, 6.9% of sponsored results link to risky sites, down from 8.5% reported last year. AOL returns the safest results and Yahoo returns the most risky sites, by percentage. Ask.com has seen the largest increase in safety than the other search engine [...]


June To Be “Month of Search Engines Bugs”

"'Month of bugs' pins bull's-eye on Google, Yahoo" from Computerworld reports that Websecurity.com.ua says it will post a security vulnerability about the most popular search engines of the world each day throughout the month of June, in particular cross-site scripting ones. [...]


Windows Vulnerability Exploited Through Google AdWords

"Virus Writers Taint Google Ad Links" from the Washington Post covers a report saying that consumers trying to reach some legitimate sites might be getting infected with malicious software when they click on ads at Google. The software tries to "steal passwords and other sensitive information from infected PCs," the article says. Google has reportedly removed the ads. In addition, I reported a possible exploit where hackers can gain access to your AdWords account and potentially serve ads under your profile. Postscript: Google responded saying an "incident this week served as an important re [...]


Court: Google Suggest Feature Not Responsible For Encouraging Software Piracy

"Belgian company loses lawsuit against Google" from IT World reports that Google has won a suit brought against them by ServersCheck, a Belgian company. The company complained that the Google Suggest feature was helping people find pirated versions of its software. ServersCheck said that Google Suggest returned results for "ServersCheck Crack," "ServersCheck Serial," and other suggested searches of illegal versions of the ServersCheck products, when a user began to enter "ServersCheck" into Google Suggest. ServersCheck sued Google on May 17, 2006. The Commercial Court in Leuven, Belgium, ru [...]


Google Desktop Hole Exposed, Fixed

BusinessWeek reports that Google Desktop had a major defect that could have potentially enabled hackers to view personal files on a computer with Google Desktop installed. The hole was plugged February 1st, a few weeks after it was discovered by Watchfire Corp. Google says it has no evidence the vulnerability was exploited. Google Desktop was vulnerable to what security experts call a "cross-site scripting attack." This vulnerability would potentially enable hackers to place malicious code on your personal computer. The hacker could then search all the files on the personal computer and p [...]


Hacking Google To Help It Improve Security

Last Friday, Philipp Lenssen wrote a fascinating post describing how his associate Tony Ruscoe was able to access Philipp's Google account: "It’s your worst nightmare – someone reads parts of your Google emails, views your docs, modifies your spreadsheets, checks out your reading habits on the Google personalized homepage or Google Reader, and goes through your search history." Tony's a white-hat hacker, so he reported his exploit to Google's security team, and they've now closed the hole that allowed this to happen. Today, Tony explains what he did and how he thinks Google fixed the pro [...]


Using Google Code Search To Find Vulnerable Sites

ShoeMoney wrote a detailed write-up on how hackers can easily use Google Code Search to quickly find sites that are vulnerable to being hacked. ShoeMoney shows XSS exploits, SQL injection exploits and more. ShoeMoney wasn't the first to spot this. SEO Egghead wrote about some examples on October 5th. Is Google to blame? I don't think so. Postscript From Danny: Finding security exploits via Google or other search engines is pretty old news, going back for years. Below, a recap of some of these issues plus how you need to watch what your systems are spitting out for Google and other search [...]

