Receive an email from Google? Your website might be hacked

As you know Google scans the websites on the Internet regularly. So it only makes sense that they are able to detect when sites have been hacked. Recently they have notified the webmasters of 20,000 websites where code on the sites redirect visitors to a malicious site. The code they look for in this latest scan is an eval() function used to execute Javascript.

The email provides a link to a page with instructions on how to clean the website: Google's Webmaster Tools support page.

I applaud Google's efforts and would like to see them continue this. A part of me, though, wonders how long until spammers start sending out fakes notices with link to their malicious site. Maybe they should just tell people to visit their search site and search for removing eval function from website -- I'm pretty sure they have the ability to redirect users to their fix page. ;)

This article talks about this item in further detail. http://www.h-online.com/security/news/item/Google-warns-the-operators-of-thousands-of-hacked-web-sites-1542374.html

Google CEO says no anonymity on future Internet

Google CEO Eric Schmidt stated in a talk at the Techonomy conference in Lake Tahoe that 'true transparency and no anonymity' are required to combat identity theft. He said the increase of information generated every day has helped social interaction but created a condition that helps identity theft thieves. He said there needs to be a verified way to identify people and that Governments will demand it.

My concern would be the procedures and policies surrounding the protection and use of this identity information. The information will need to be protected and how it will be accessed will be critical to whether the system is successful. If run poorly it could actually increase identity theft cases.

See more about the speech here: http://www.thinq.co.uk/2010/8/5/no-anonymity-future-web-says-google-ceo/

Criminals force Google to change algorithms

According to reports Google is about to or has already changed their search algorithms as a response to the increased exploitation by criminals using black hat search engine optimization attacks. See article here.

That's great news, assuming they are successful, as I've been discovering and reading about so many black hat SEO attacks that I'm starting to worry about non-security users utilizing Google for search. I'm not satisfied with Google's response to these attacks because in my opinion they have been much too slow and in some cases don't tag the offending searches as a security risk.

Based on the typical information security cycle (or arms race) this won't be the last time they will have to change their algorithm but let's hope this makes it extremely difficult for the criminals to continue using Google as an attack platform.