Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Google mistakenly calls entire Net malicious
Published: 2009-02-01

A typing mistake led search giant Google this weekend to briefly classify the entire Internet as potentially malicious.

On Saturday morning, every search result began to display the "This site may harm your computer" link that Google uses to flag potentially malicious sites. The search company quickly fixed the issue and stated in a blog post that human error caused a flawed update to its list of bad sites, resulting in every Internet site being classified as dangerous.

"We periodically update that list and released one such update to the site this morning," Marissa Mayer, vice president of Google's search products and user experience, said in a blog post. "Unfortunately — and here's the human error — the URL of '/' was mistakenly checked in as a value to the file, and '/' expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file."

The StopBadware project, which maintains criteria that Google's uses to create its own filters, clarified a misperception in many media reports that the list used by Google comes directly from StopBadware.

"The mistake in Google’s initial statement, indicating that we supply them with badware data, is a common misperception," the statement said. "We appreciate their follow up efforts in clarifying the relationship on their blog and with the media. Despite today’s glitch, we continue to support Google’s effort to proactively warn users of badware sites, and our experience is that they are committed to doing so as accurately and as fairly as possible."

Google stated that, because its updates are staggered, the problems should have lasted only about 40 minutes for any particular users. However, in a separate blog post, the company added that the block list is also used in its spam filters, so legitimate messages may have been classified as spam. Google is currently reviewing all filtered messages to return legitimate e-mail to its recipients' inbox.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus