Google To Send Detailed Info About Hacked Web Sites 58
alphadogg writes "In an effort to promote the 'general health of the Web,' Google will send Webmasters snippets of malicious code in the hopes of getting infected Web sites cleaned up faster. The new information will appear as part of Google's Webmaster Tools, a suite of tools that provide data about a Web site, such as site visits. 'We understand the frustration of Webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged,' wrote Lucas Ballard on Google's online security blog. To Webmasters who are registered with Google, the company will send them an email notifying them of suspicious content along with a list of the affected pages. They'll also be able to see part of the malicious code." Another of the new Webmaster Tools is Fetch as Googlebot, which shows you a page as Google's crawler sees it. This should allow Webmasters to see malicious code that bad guys have hidden on their sites via "cloaking," among other benefits.
Gentlemen, check your Webmaster tools (Score:4, Interesting)
This is a great service. Google should set up an opt-in email notification as well.
It helps the webmasters build better sites and teaches them to check the Google website tools that allow them to groom their site for best indexing on Google. That's great.
Good idea, but... (Score:4, Interesting)
Happened over here (Score:3, Interesting)
Re:Who requests (Score:3, Interesting)
Company? what the...
You obviously have no idea about the early days of the internet and HTTP. The whole point of HTTP was to publish documents, if you host something you are implicitly allowing other people to fetch a copy of it.
robots.txt came about in the very early days of HTTP. An enterprising hacker wrote a crawler to index the whole internet (which wasn't that big at the time). But his crawler got stuck fetching pages from one machine with dynamically generated pages. This obviously tied up the bandwidth, CPU and disk IO of the server which annoyed it's owner. So the 2 people had a polite conversation via email and the opt-out robots.txt was invented.
Re:Happened over here (Score:2, Interesting)
Re:Google needs to clean up their own act first, (Score:3, Interesting)
Let me guess - you want Google to remove people's documents arbitrarily? That's what you're saying.
Right now, Google's right to not do anything - how would you feel if someone just took down one of your documents arbitrarily? Not even a DMCA notice, just a vague "this is a hacker tool" thing? And how do you differentiate between "fake login page" and "log in page mockup"? After all, when designing a UI, you can do it in any medium you feel comfortable in.
So yeah, Google is clueless. They're so clueless, they'd rather not remove someone's document because there can be many legitimate reasons for it to be there. And I suppose, as much as Google would like to remove it, doing so sets a bad precedent. Your Google Doc annoys someone? Click "report abuse" and Google will take it down. Better than DMCA notice.
At best, Google can remove it from the index. But allowing Google to arbitrarily remove any document by an anonymous person invites a whole new can of worms. Might as well ban bullets, they've been used to harm people.
Re:Academic cloaking (Score:3, Interesting)