Google says ISP glitch exposes Gmail data in Kuwait from News.com has confirmed reports that a Gmail user in Kuwait has inadvertently accessed about 30 Gmail accounts that were not his. Supposedly, he also accessed an email that had "keycodes for some embassy gate." Whose fault is this? Not Google! A Kuwaiti ISP was having some major caching issues, which results in people seeing other people's content when accessing the same URL. Have you ever gone to a web page on your computer and noticed that it was showing old content? That is a web page's cache. Typically holding down the shift a [...]

Related Topics: Channel: Consumer | Google: Gmail | Legal: Security

Web Browsing, Search, And Online Ads Grow More Risky, Google Says from InformationWeek reports on a recent Google Study named All Your iFRAMEs Point to Us that shows 1.3% of Google searches returned at least one malicious result. Niels Provos, a security engineer at Google, lead the study that took 10 months of data containing billions of URLs. The data collection period was between January 2007 and October 2007. They checked 66,534,330 URLs and found that 3,385,889 URLs were "suspicious" and 3,417,590 URLs were malicious, pointing to 181,699 landing sites. But the real impact to the end [...]

Related Topics: Channel: SEM | Google: AdWords | Google: Security | Google: Web Search | Legal: Security | Search Ads: General

Search Engine Journal reports that online security firm Aladdin Knowledge Systems identified a potential "flaw, which allows the search engines to deliver malicious pages that have already been removed from the web." What that means as a practical matter is that hacked pages, which have already been taken down or otherwise cleaned up, may still be visible to end users through Web search via caching, which generally speeds up delivery of search results. The following statement was provided by Yahoo: "Yahoo! is committed to protecting its users from malicious sites on the Web and we follow up [...]

Related Topics: Channel: Consumer | Legal: Security

In the aftermath of the major malware attack that hit search results, the Google Online Security Blog announced the launch of a new form to report malware software showing up in Google results. Google Cleans Up Returns; Yahoo Not So Much from eWeek has a look at how Google has quickly cleaned up the malware from their search results, while Yahoo has taken a slower approach. [...]

Related Topics: Channel: SEO | Google: SEO | Legal: Security | Search Features: Safety | SEO: Spamming

Search spam, using techniques that manipulate the search results, feels like it is getting more dangerous every day. Some search spammers go as far as hacking sites to inject link spam into unsuspecting web pages. And some go even further by polluting the search results with nasty malware. Yesterday we covered a story about a serious malware issue in the search engines, where hundreds of pages were being returned by Google, Yahoo, Live and other search engines that contained harmful malware. Today, a WebmasterWorld thread pointed me to Spammers hack Al Gore's climate site from Vnunet. In [...]

Related Topics: Channel: SEO | Legal: Security | SEO: Spamming

Subverted search sites lead to massive malware attack in progress from ComputerWorld reports that Google, along with Yahoo, Live Search have been targeted in a massive attack that puts links leading to malware sites into top search results. Alex Eckelberry, Sunbelt Software's CEO said "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages." The pages are specifically being returned by search engines in their organic results (not the paid results). Eckelberry explains, "They get themselves on to Google, then redirect people to their [...]

Related Topics: Channel: SEO | Google: SEO | Google: Webmaster Central | Legal: Security | Search Features: Safety | SEO: Spamming

Nathan Weinberg reports that Google fixed a security issue with the new Google Presentations, which leaked user email addresses to the public. What happened was that when webmasters tried to embed presentations into their web pages, it would then log people into Google Talk via their Google Account. After they logged in, to view the presentation and to chat, it would display the user's email address to all those who wanted to see it. Nathan reports Google has fixed the security issue about 15 hours after Google Presentations went live. [...]

Related Topics: Channel: Consumer | Google: Docs & Spreadsheets | Google: Security | Legal: Security

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users from The Register reports that Yahoo's newly acquired Right Media served up ads with Trojan viruses for three weeks during the month of August. The flash ads reportedly contained a file that installed a Trojan back door on vulnerable Windows machines running Internet Explorer. The ads ran on MySpace, PhotoBucket, TheSun.co.uk, Bebo.com and UltimateGuitar.com. The Trojan required three criteria to be meet to cause issues on the Windows machine. First, the user had to be using IE on a Windows machine. Second, the Windows machin [...]

Related Topics: Channel: Display | Legal: Security | Yahoo: Business Issues | Yahoo: Display Ads

The State of Search Engine Safety was released by Site Advisor today. In this report, we learned that search results are now safer then they were a year ago. 4% of the search results are link to risky sites, down from 5.0% reported last year. Sponsored results are 2.4 times more likely to have links to risky sites compared to the natural results. Today, 6.9% of sponsored results link to risky sites, down from 8.5% reported last year. AOL returns the safest results and Yahoo returns the most risky sites, by percentage. Ask.com has seen the largest increase safety than the other search engine [...]

Related Topics: Channel: Consumer | Legal: Security

'Month of bugs' pins bull's-eye on Google, Yahoo from Computerworld reports Websecurity.com.ua says it will post a security vulnerability about the most popular search engines of the world each day throughout the month of June, in particular cross-site scripting ones. [...]

Related Topics: Channel: Consumer | Legal: Security

Virus Writers Taint Google Ad Links from the Washington Post covers a report saying that consumers trying to reach some legitimate sites might be getting infected with malicious software when they click on ads at Google. The software tries to "steal passwords and other sensitive information from infected PCs," the article says. Google has reportedly removed the ads. In addition, I reported a possible exploit where hackers can gain access to your AdWords account and potentially serve ads under your profile. Postscript: Google responded saying an "incident this week served as an important re [...]

Related Topics: Channel: SEM | Google: AdWords | Legal: Security

Belgian company loses lawsuit against Google from IT World reports that Google has won a suit brought against them by ServersCheck, a Belgian company. The company complained that the Google Suggest feature was helping people find pirated versions of its software. ServersCheck said that Google Suggest returned results for "ServersCheck Crack," ServersCheck Serial," and other suggested searches of illegal versions of the ServersCheck products, when a user began to enter in "ServersCheck" into Google Suggest. ServersCheck sued Google on May 17, 2006. The Commercial Court in Leuven, Belgium, ru [...]

Related Topics: Channel: Industry | Google: Legal | Legal: General | Legal: Security | Search Features: Query Refinement

BusinessWeek reports that Google Desktop had a major defect that could have potentially enabled hackers to view personal files on a computer with Google Desktop installed. The hole was plugged February 1st, a few weeks after it was discovered by Watchfire Corp. Google says it has no evidence the vulnerability was exploited. Google Desktop was vulnerable to what security experts call a "cross-site scripting attack." This vulnerability would potentially enable hackers to place malicious code on your personal computer. The hacker could then search all the files on the personal computer and p [...]

Related Topics: Channel: Consumer | Google: Desktop | Google: Security | Legal: Security

Last Friday, Philipp Lenssen wrote a fascinating post describing how his associate Tony Ruscoe was able to access Philipp's Google account: "It’s your worst nightmare – someone reads parts of your Google emails, views your docs, modifies your spreadsheets, checks out your reading habits on the Google personalized homepage or Google Reader, and goes through your search history." Tony's a white-hat hacker, so he reported his exploit to Google's security team, and they've now closed the hole that allowed this to happen. Today, Tony explains what he did and how he thinks Google fixed the pro [...]

Related Topics: Channel: Consumer | Google: Security | Legal: Security

ShoeMoney wrote a detailed write up on how hackers can easily use Google Code Search to quickly find sites that are vulnerable to being hacked. ShoeMoney shows XSS exploits, SQL injection exploits and more. ShoeMoney wasn't the first to spot this. SEO Egghead wrote about some examples on October 5th. Is Google to blame? I don't think so. Postscript From Danny: Finding security exploits via Google or other search engines is pretty old news, going back for years. Below, a recap of some of these issues plus how you need to watch what your systems are spitting out for Google and other search [...]

Related Topics: Channel: Consumer | Google: Code Search | Legal: Security