Slashdot Mirror


Google Plugs Hole That Lets You Remove Any Website

blowdart writes "Google today disabled their webmaster tools after it was discovered that anyone could use the tool to remove any site from the Google index. The exploit was pretty simple: all anyone had to do was to have a Google webmasters tool account and edit a query string parameter on a valid removal to point to a domain they didn't own!"

14 of 116 comments

  1. I really wish... by Anonymous Coward · · Score: 5, Insightful

    this hole was open long enough for someone to remove Expert Exchange & all the other BS...

    1. Re:I really wish... by Anonymous Coward · · Score: 3, Funny

      What!?!? Would you rather your sex change be done by an amateur?

    2. Re:I really wish... by RedACE7500 · · Score: 5, Informative

      1. Log in to your Google Account
      2. Search for Experts Exchange
      3. Click on the result for Experts Exchange
      4. Press Back on your browser
      5. Click "Block all www.experts-exchange.com results"

    3. Re:I really wish... by RedACE7500 · · Score: 4, Informative

      Alternatively, manually block sites from your results here: http://www.google.com/reviews/t

    4. Re:I really wish... by Mister+Whirly · · Score: 2

      Adblock+ and scroll down to the bottom. Simple solutions.

      --
      "But this one goes to 11!"
    5. Re:I really wish... by TheRaven64 · · Score: 2
      I've not used Google for a while, but I seem to still have these lines in my user CSS:

      li h3 a[HREF*="http://www.experts-exchange.com/"] {display : none ! important }
      A[HREF*="http://www.experts-exchange.com/"]:after { content: " [IDIOT WARNING]"!important ; color: red }

      The first hides expert sexchange links from Google search results, the second flags them with a red idiot warning if they appear elsewhere, so I don't accidentally click on them.

      --
      I am TheRaven on Soylent News
    6. Re:I really wish... by IAmGarethAdams · · Score: 2

      Yes, a common suggestion is that Experts Exchange *aren't* playing the system because the answers are there if you scroll down.

      I was pointing out that they *are* playing the system because the answers are *only* visible after clicking through from a Google search result. Try finding a page where the answer is at the bottom, and copy the URL into a new tab/window/browser. Abracadabra! The answer disappears!

      Experts Exchange is just another paywalled site at the end of the day, but they use dodgy practices to try and make you pay for their service rather than actually concentrating on being a useful service.

  2. Too late by esocid · · Score: 2

    /. was already removed from the internet. That's why no one is commenting.
    Come to think of it, how did I get here? Where am I? I'm old.

    --
    Absolute power corrupts absolutely. indymedia
  3. Re:Bobby tables by Shikaku · · Score: 4, Informative

    http://bobby-tables.com/ Obligatory response.

  4. Interesting applications possible... by CCarrot · · Score: 3, Funny

    What if someone used this exploit to remove Google.com? Then my parents couldn't enter 'google' in the white box (Google homepage) to get to 'the internet'!

    Agh. I think my head exploded.

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    1. Re:Interesting applications possible... by MacGyver2210 · · Score: 2

      I can't remember how many times I've tried to explain to various family members the differences between the two boxes in the title bar. It's a lot, that's for sure.

      They never seem to get it, and perpetually type URLs into the search box.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  5. Re:Bobby tables by fuzzytv · · Score: 2

    The bug in webmaster tools has nothing to do with SQL injection, so although I like XKCD the two posts are quite irrelevant.

  6. Re:Probably an honest mistake by Nadaka · · Score: 2

    Trust but verify. Verify the crap out of anything you get from the user. Even if it's a read-only field, even if it's a hidden field, even if it is encrypted.
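
The server-side check that the summary's bug lacked and that the comment above asks for, as an added example (not from the thread and not Google's code). The parameter names `siteUrl` and `removeUrl`, the account names and the `.example` domains are hypothetical; the point is that ownership is re-checked against the authenticated session on every request instead of trusting a value the form originally rendered.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: sites each account has proven control of.
VERIFIED_SITES = {
    "alice": {"alice-blog.example"},
    "bob": {"bobs-shop.example"},
}


class RemovalDenied(Exception):
    """Raised when a removal request fails server-side authorization."""


def normalize_host(url):
    """Return the lower-cased host of an http(s) URL, without a trailing dot."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise RemovalDenied("target is not an absolute http(s) URL")
    return parts.hostname.rstrip(".")


def authorize_removal(account, request_url):
    """Authorize a removal from the request as received, not as the form was rendered.

    `account` comes from the authenticated session. `siteUrl` and `removeUrl`
    are hypothetical parameter names; both are fully user-controlled.
    """
    query = parse_qs(urlsplit(request_url).query)
    for name in ("siteUrl", "removeUrl"):
        # Reject missing or repeated parameters rather than picking one copy.
        if len(query.get(name, [])) != 1:
            raise RemovalDenied(f"expected exactly one {name}")
    site_host = normalize_host(query["siteUrl"][0])
    target_host = normalize_host(query["removeUrl"][0])
    owned = VERIFIED_SITES.get(account, set())
    # Check 1: the claimed site must be verified for this account.
    if site_host not in owned:
        raise RemovalDenied(f"{account} has not verified {site_host}")
    # Check 2: the URL to remove must be on that site or a subdomain of it.
    if target_host != site_host and not target_host.endswith("." + site_host):
        raise RemovalDenied(f"{target_host} is outside {site_host}")
    return target_host
```
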

  7. Re:Bobby tables by petermgreen · · Score: 2

    The problem I see with deniable encryption is that while they can't prove there is more to see you can't prove that there isn't. So if they think the keys you have given them are decoys they will just keep torturing you until you either reveal further keys or die.

    --
    note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register