Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Admits That Google.com Is Partially Dangerous (eweek.com)

Posted by BeauHD on from the irony-at-its-best dept.

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently, one of those unsafe sites is none other than Google.com itself.

According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"

7 of 100 comments (clear)

  1. The real shocker by EEPROMS · · Score: 5, Insightful

    is that a US billion dollar corporation is being honest for a change and applying the same rules to themselves as others.

  2. Everyone send this to Dianne Feinstein by kheldan · · Score: 4, Funny

    So she can author a Senate bill to outlaw Google.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  3. Re:No shit... by Anonymous Coward · · Score: 4, Insightful

    Much as *I* hate myself for being a gen-x waste of space and watching my contemporaries raising monumentally self-absorbed children who end up on tumblr and reddit complaining about trivial bullshit, I still believe that you have to grow up at some point and take personal responsibility.

    My mother was the first in her family to get to go to university. My grandfather got shot at by German occupiers as a profession and his dad died in a ditch in France doing the same. Every generation has different issues to deal with and every generation should stop pretending that their own particular cross to bear is so much worse than every other.

    But good on you for trying to be a decent human being. At the end of the day, that's all we can really expect from people.

  4. This is news? by LordWabbit2 · · Score: 4, Insightful

    Google may have indexed bad sites and not realized it. News at 11.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  5. Re:No shit... by KGIII · · Score: 4, Interesting

    By we, you mean us on Slashdot, right? Well, I'd like to say that "we" never did any such thing because "we" are not retarded. However... There are a few people who do post here who may very well have thought that at some point in the past or think that today.

    That is not a slight against you personally. I haven't a clue who you are, you're just "some AC" who may or may not be retarded. I'll give you, personally, the benefit of doubt but that's increasingly difficult with ACs and even some fairly frequent poster.

    If you look at my UID number then you'll see that I've been here for a minute. I used to give ACs the benefit of doubt and I usually try to do so still but it has reached the point where I'll oftentimes just delete the reply notification if it is from an AC. I don't know if ACs have collectively gotten worse or if I've just become less patient. There are also some really stupid people who have accounts. I can mentally filter them out more easily as I notice names when I read the threads.

    So, as much as I'd like to say that we're not stupid enough to think that sort of thing here on Slashdot, we're not that bright. When I joined Slashdot, I actually joined and kept my mouth shut for a long time - this was way back with my first account that I've long since forgotten the name of. I registered but didn't say much for a very long time because I was too busy enjoying reading the smart people's posts.

    I'd like to say that we were better then but that's not actually true. I was just dumber then. See, I've gone back and read a lot of those old threads and we've always had stupid people.

    I don't really know where I'm going (and I didn't when I started) with this post but I'm basically trying to say that I'd be a liar if I said I didn't think someone here was stupid enough to believe it. Sure, they're not going to acknowledge it now that they've seen this but there's surely at least one person (perhaps they're just unfamiliar with it and not stupid) who believes that Google actually makes a true good-faith effort to clean their links of malware, copyrighted material, and other undesirable information. Someone here believes that Google has people, or software - but probably believes it's people who double check the software results, that actually check for malware.

    How many times have you come across Google-cloaking, or whatever they're calling it now? When you see a search engine result, click the page, and the page doesn't actually say anything even remotely like what the search engine result says? Yeah, Google also claims they remove them from their search engine - or claimed that they were going to do so. I seem to recall they said they *still* do so, don't quote me on it. But, see Forbes... If you check a Forbes link at Google, you'll see they cache something different than they display to the Google web crawler/bot. Hell, one of the popular help forums, before the advent of StackExchange, used to get prominent rankings but displayed different content to Google than it displayed to the users. Yet, they stayed high in the ranking for years.

    No, no... I don't trust Google to do anything more than they absolutely have to. No, I don't trust Google to have my interest at heart. I don't trust Google to protect me. I don't trust their "don't be evil" slogan and I seem to recall they've actually gone so far as to remove that.

    But someone, even someone here, certainly believes that they do all those things and more. It could be stupidity or they could just not yet know better because nobody has told them and they've not come across it. If there's something so stupid that nobody could possibly believe it, in your opinion, there's almost certainly at least one person on Slashdot who not only believes it but will argue about it. No stupidity is too great or too small for a Slashdotter to not believe it.

    It's at this time that I'll be humble and point out that I am actually a Slashdotter too. Chances are good that there's something stupid that I'm completely certain about.

    --
    "So long and thanks for all the fish."
  6. Re:Viruses just get easier and easier to get by KGIII · · Score: 3, Informative

    Just install uMatrix and be done with it. It will take a little while to figure out how to use it and you build up your whitelist as you go. Just keep your settings files backed up and reasonably current and you can use them across multiple computers and multiple browsers. Block everything you don't need. I may refresh a screen a dozen or so times before I get the settings for that site right but it's always the least permissions and I only have to do it for that site once. It's amazing how many sites I don't even bother with doing it for them at all.

    I may not have full functionality but I'm only going to visit that news site once - I don't need to have their dynamic content of their latest weather updates loaded in the upper left, a dozen trackers in the bottom, an optimizely script to make sure I get the correct display on a mobile, or anything like that. If I want a script to run then I enable it and refresh. I generally don't want it to run. If I do then I want it and only it to run. I also want it to be selective between sites. (Things a hosts file can't do.)

    So, I use uMatrix and get along just fine. It took a little while to figure out how it works. I then figured out that I should save the results. (It's just a single click.) I then realized that exporting them was possible and a good idea - I use multiple computers. I then realized that I could load even fewer things. I then realized it had a way to set the defaults if I wanted to enable them - so I let CSS and straight images (no scripts) display.

    I've yet to have to enable a third party cookie, for example, on *any* site for *any* functionality. If a site wants to load too many things then I just don't bother - I've a limit to what I'll allow for code to run on my computer. It's mine. I control it. I say no.

    It's really just an easier way to practice safe hex. It's what you should be doing anyhow. I don't have to go through all of the things you're doing. I don't need to use a VM. I don't have to worry about infections if code doesn't run. I let first party stuff load by default. That's it. I often won't allow any third party content at all. That's how you get nasties... I don't want nasties. There is no content so meaningful that I am going to enable people who aren't me to run random things on my computer. There's no site worth it.

    I'm building out a site right now - actually in another tab. There is third party content. Every bit of it is optional and the site retains full functionality without it. There's no need to enable any active scripting, of any type, to make full use of the site. You can even use it just fine in Lynx.

    By the way, if you're using Windows there's a really neat browser you can try. It's called OffByOne. It doesn't do much except browse pages. There's no scripting allowed. None. There's no way to make it work, last time I used it.

    --
    "So long and thanks for all the fish."
  7. Really? by argStyopa · · Score: 4, Insightful

    This sounds about as intrinsically dangerous as a phone book: some of the numbers enclosed may connect you to criminals and naughty people.

    --
    -Styopa