<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d29653863\x26blogName\x3dPro-SEO\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dSILVER\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttp://pro-seo.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://pro-seo.blogspot.com/\x26vt\x3d2468949507327226682', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>
« Pro-SEO Home || Official Google Blog Hacked? » || Google To Buy Youtube? » || Google Blog Search Ping Service » || Googles SearchMash For Testing » || Google Stop Showing Adverts To People Who Don't Cl... » || PageRank (PR) Update In Progress » || Register .mobi TLD Domain Names » || SEO Myths Busted » || Invites Go Out For Microsoft adCenter » || Tips To Write Effective AdWords Ads »

Google Blog WAS Hacked


Google blog logoEarlier today we reported on a possible hack on the google blog. At the time we were speculating that the mystery post was the result of a hack, It turned out our speculation was correct.

A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog last night, claiming that we've discontinued our AdWords click-to-call test. The bug was fixed quickly and the post removed. As for the click-to-call test, it is progressing on schedule, and we're pleased with the results thus far.
The Google Blog.

This raises a few questions, How secure is the blogger software? Like all software it is inevitable that there are going to be flaws, holes and vulnerabilities. But as the blogger software is not open source it makes finding these holes a lot harder for an attacker, but it also means spotting potential flaws is a lot harder for a patcher.

If an attacker was able to make an unauthorized post on the official google blog, What does that mean for the rest of us? How many other blogs have had unauthorized people make posts on them? In a way Google were very lucky that all this attacker had in mind was a fake news story stating AdWords click-to-call was being scrapped, They could have put anything they wanted on there, The mind boggles.

Google say the "bug" (read as critical vulnerability) was "fixed", But i guess it's only fixed until the next one is found.
| Google To Buy Youtube? »
| Google Blog Search Ping Service »
| Googles SearchMash For Testing »
| Google Stop Showing Adverts To People Who Don't Cl... »
| PageRank (PR) Update In Progress »
| Register .mobi TLD Domain Names »
| SEO Myths Busted »
| Invites Go Out For Microsoft adCenter »
| Tips To Write Effective AdWords Ads »

Posted by Anonymous Steven Bradley @ Thursday, 12 October, 2006

I guess it just shows no one is invulnerable to being hacked. The blooger software is specific to blogger so in fixing this hole it should be fixed for everyone using the system.

With security there never really is 100% secure. It's always a cat and mouse game and I'm sure there are other holes in blogger that are yet to be exploited. At least Google was able to respond quickly.  



Post a Comment