Google Affected by Own Search Exploit
Calling into question the safety of Google's indexing system, the Web site all-in-one-business.com managed to "hijack" Google's position in its search results with a 302 server redirect. Following the redirect, a query for "Google AdSense" returned results pointing to the unrelated site, rather than Google itself.
This type of incident can happen because of the way that Google implements the W3 HTTP specification. 302 redirects temporarily swap one domain name with another using rudimentary scripting. The spirit and letter of the specification require Google to infer that content hosted by the 302 target is owned by the party doing the redirect.
When Google observes that there are two sources for the same content, a filter decides which site is the real McCoy.
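The attribution rule described above can be put next to a stricter one in a short added example. This is not code from the article or from any search engine; the crawl records, the `.example` host names and all function names are constructed for illustration, and comparing full host names is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed crawl records (not real data): fetched URL, status, Location header.
CRAWL = [
    {"url": "http://redirector.example/go?id=1", "status": 302,
     "location": "https://www.victim.example/product"},
    {"url": "https://www.victim.example/old", "status": 302,
     "location": "https://www.victim.example/product"},
    {"url": "https://www.victim.example/product", "status": 200, "location": None},
]

def host(url):
    # Assumption: hosts are compared whole; a real filter would compare
    # registered domains so that www and non-www count as one owner.
    return (urlsplit(url).hostname or "").lower()

def naive_owner(rec):
    """Temporary redirect: keep listing the content under the requested URL."""
    return rec["url"]

def hardened_owner(rec):
    """Same rule, except a 302 that crosses hosts credits the target URL."""
    if rec["status"] == 302 and rec["location"]:
        if host(rec["url"]) != host(rec["location"]):
            return rec["location"]
    return rec["url"]

def index_entries(records, owner):
    """Map each URL that would be listed to the URL whose content it shows."""
    entries = {}
    for rec in records:
        content_url = rec["location"] if rec["status"] == 302 else rec["url"]
        entries.setdefault(owner(rec), content_url)
    return entries

def cross_host_302s(records):
    """Detection view: redirecting URLs that point at another host's content."""
    return [r["url"] for r in records
            if r["status"] == 302 and r["location"]
            and host(r["url"]) != host(r["location"])]
```

With the naive rule the redirecting URL is listed as a source of the target's content; with the stricter rule only same-host temporary redirects keep their own listing.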
Unfortunately, it does not always work out as intended. In total, the site all-in-one-business.com is said to have amassed 3,040 backlinks including some of Google's own internal support Web pages. This resulted in Google being supplanted within its own rating system; essentially, being buried beneath the hijacker in its search results.
Possible abuses devised by security researcher Claus Schmidt, who drafted a detailed overview of the exploit, include: "Make 'adult' pages appear as e.g. CNN pages in the search engines, set up false bank frontends, false storefronts, etc."
Google responded to the AdSense incident by telling BetaNews that its AdSense domain was not "hijacked."
"There was a problem with search results for the query 'adsense.' Due to a bug in recently released code, https://www.google.com/adsense disappeared from the top listing for a few days. The problem has since been corrected," said a spokesperson. Google, however, did not comment on whether or not the larger 302 issue was addressed.
Google was informed about the problem over a year ago. Before the AdSense "hijacking" took place, a purported Google representative known only as "GoogleGuy" addressed 302 hijackings in a posting to the Slashdot community, saying that it was "not a wildfire issue" that affected very few sites.
"That's search quality? That's a class product? That's a laser-like focus on search, to be aware of a problem for over a year, then let it run and run and run until it hits your own site? And then take two days to solve it? And the fix almost certainly isn't one that's been applied across the index as a whole? No, this was a major, huge embarrassing failure," said Jupiter Media Search Engine Watch editor Danny Sullivan in his Web log.
Google rival Yahoo encountered a similar problem with 302 redirects in its search engine, but has since closed the hole.
Nate Mook contributed to this report.