[ insider_reports_insider ]
Google Sitemaps Security Problem
John Stith
Staff Writer
2005-11-18
 Insider Reports RSS Feed
SecurityProNews doesn't mention Google much because things like identity fraud and new worms get the majority of the talk. A new problem has turned up for Google in their sitemaps system and it could be fairly serious because it allows anyone to access a site's metrics.
 | | Google Sitemaps Opens Lock to Site Metrics |  |
Danny Sullivan of SearchEngineWatch explained the situation:
In order to see stats for a site, you have to verify you own it by installing a special file on your server. Google randomly generates a filename to use; you install this file, then Google checks to see if it exists. If it does, you can view stats for that site.
The problem is, some web sites will respond that any page exists, even if it doesn't. Rather than sending out a 404 File Not Found error message, they'll dynamically generate the page with content anyway or they'll tell the user the file doesn't exist, but the server code sent to a browser says differently.
He also mentioned another problem saying multiple people were able to gain access to the information at the same time. He suggested the system should be "smart enough that if one person ownership, no one else could."
Sullivan posted Google's statement on situation:
This morning we learned of an issue with the Google Sitemaps tool that may have temporarily enabled users to view statistics about sites they do not own. We acted quickly and fixed the issue. To ensure the security of all sites using the Google Sitemaps tool, we will re-verify all sites added in the last 48 hours.
Google isn't normally associated with software so it's unusually to run into security problems with them. They do happen occasionally though and when they do, users should take note.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
