Surfing Google may be harmful to your security

A well-known researcher specializing in website security has strongly criticized safety on Google, arguing the world's biggest search engine needlessly puts its millions of users at risk. "Google is and will be and always has been vulnerable," Robert Hansen, CEO of secTheory, told a standing-room-only audience at the Defcon …


  1. Destroy All Monsters Silver badge

    "the company regularly scans gadgets for malicious code"

    Somewhere in that statement, a Fields Medal (and subsequent total algorithmic takeover of the future light-cone) has been buried.

    Except if they mean that the result is not necessarily successful or relevant.

  2. Anonymous Coward
    Thumb Down

    I knew it!

    I knew they were up to no good.

    That's why I don't let Google even set cookies. All they get from me is my IP address and the search terms I enter, and I wouldn't give them that much unless I had to!

  3. Stan

    Sounds familiar

    "they told him the redirection was a feature rather than a flaw.", I'm sure I have heard some other company making the same kind of excuse, microshaft or something like that. Used to be in 2 minds when folks were branding Google "internet evil 2" but judging the way they are crapping on the heads of the open source folks who helped them get where they are it's hard to trust them with the all seeing eye they possess.

    Google icon with devil horns please.

  4. Anonymous Coward

    Don't let Google have your IP address

    "All they get from me is my IP address and the search terms I enter"

    Try and they won't even get your IP address!

  5. Eugene Crosser
    Thumb Up

    Google icons

    "Google icon with devil horns please."

    Yes, pretty please! (maybe both: 'g' with a halo and with horns)

  6. Simpson

    The Eye of Google

    The Eye of Providence, surrounded by a G (or colored balls)

  7. Ima Faker
    Black Helicopters



    Someone released a vulnerable platform?!?!?!?!

    They've got lots of users?!?!?!?!!?

    Clearly there's a sinister plot.

    I say we just go burn google hq to the ground. Clearly they've been plotting day and night to weave an intricate net of deception to get us all to download zango.

    Fight the man!

  8. NT

    Crush all opposition

    Look, the fact is that Google started out a small, uniquely effective search engine. Because they were effective, and did the job better than any other search engine, they turned into a mighty corporate powerhouse. Mighty corporate powerhouses want more money. That's to say, however much money they've got, they want more. It's their purpose. Looking after the customer and providing a reliable service might have got them where they are, but when a company is the size of Google, and is trying as hard as Google is to crush all opposition, those necessities become millstones. Expensive millstones.

    People still seem to see Google as this brave-little-firm-that-could, and they play on the image of being the Little, Friendly, Local Guys. The truth is that they left all that behind years ago when they started making real money. Google has become a juggernaut and it's not going to stop - and your security is only a concern as far as it affects Google's ability to make money. Even then, merely searching on Google doesn't cost you anything, so aside from some bizarre workings of the peculiar Internet economy (where I know money can appear, move, and disappear like virtual particles in physics) that won't make Google much money. They've got to find other ways of making you profitable - and don't they just.

    I'm as guilty as anyone. I fell out with Google when they bought the Deja Usenet archives, and again when they subjugated Blogger. But I still use them, because unfortunately they are the best search engine. But given the storm of cookies I'm subjected to by their main site, I'm starting to ask myself if the risks are worth the benefits.

  9. mittfh
    Paris Hilton

    They're not unique...

    Vulnerable platform, lots of users - err, why does a certain Redmond-based company spring to mind? They've got your IP address, your platform, all the bits of their software you've installed, and nowadays a hash key representing your hardware configuration... Shall we burn their HQ down as well? :P

    As for this redirection thingy, I can understand gadgets pulling data off third party sites, but whyever would a gadget need automatic full-page redirection? I can understand links to third party sites (e.g. weather gadget with links to a more in-depth forecast), but if their gadgets do automatic full-page redirection, that's another matter entirely.

    There is one way for Google to retain the dodgy code and still maintain "Do no evil" - a "Report" link in each gadget's title bar, to allow you to report dodgy stuff. It's hardly a new concept - it already exists on another Google acquisition - ewe choob...

    Paris because (a) she hasn't appeared here yet, (b) she'd be an ideal target for any code exploit, (c) she probably wouldn't understand a report link even if it was provided, and (d) because...

  10. Dan
    Dead Vulture


    This is what I've been saying for a while, what Google already do isn't far off what Phorm are proposing.

  11. aL

    yes let's all forget about Google

    ..because Microsoft does that too y'know, let's all bash them instead!

    I'm not saying Microsoft are angels but no one can claim there are not enough suspicions against them.. I don't think Google or IBM or any other large company deserves any less scrutiny.. just my 2c

  12. Anonymous Coward


    If you subscribe to all these conspiracy theories then you should know that as soon as you think something, the US government knows what it is. So what does it matter if Google are tracking you? I think you've got bigger things to worry about!

  13. Anonymous Coward

    Tracked all the time

    In the UK people get tracked by an average 300 CCTVs each day, allegedly for their own good, yet crime rates are still appalling. Email is tracked, surfing is tracked by Google and others. Your credit card purchases are tracked, bank transactions monitored, DNA captured by the police. Basically most of your life is tracked. For what purposes? Commercial reasons - yes, national security - yes, crime prevention - yes. Is that anything to be paranoid about or try and avoid? Well, if you have something to hide, for sure. But more fundamentally, the biggest issue I have with the non-commercial tracking is that we are all meant to be innocent until proven guilty.

  14. Anonymous Coward

    @lol AC

    Everyone knows Google was funded by dirty money from the CIA and is run by a black ops unit with some flamboyant dweeeebs as the 'public face' of Google.

    Massive data warehouses, cloud computing = more than just saving a few webpages for searching (let's face it, Microsoft Access could do that).

    They are building an Android - news leaked so it magically became an open source mobile phone system. Except the open source is open only to a few hi-tech military/quangos who build robots/electronics.

    They are just getting ready to give us to the aliens and using robots to keep us under control - all hail our new CIA/Gook-squad/alien overlords.

  15. Anonymous Coward


    You're using a US military communications project and thinking that it's surprising they monitor everything...


    Paris not appearing in this post because even she could have made the connection.

  16. Whitter

    "the company regularly scans gadgets for malicious code"

    Regularly does not mean commonly. Could be "every 5 years"...

  17. Anonymous Coward

    Re: Tracked all the time

    I love how pro-surveillance zealots always use the argument: "If you don't have anything to hide, how can you be against surveillance?"

    I have nothing to hide, yet I still don't want anyone to track me.


    Throughout history, one American actually said something smart:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."


  18. TimM
    Black Helicopters


    We fuss about Google and yet few seem bothered by the way supermarkets track your eating and shopping habits, and share this information. The way RFID, and even just credit card details, is used between high street retailers to track your shopping habits, and potentially enable them to offer deals in one shop based on what you bought in another, and send you junk mail based on your purchases.

    All whilst you are being tracked on CCTV as you navigate your way through the streets, your car is tracked on various cameras (especially in London), and your position is tracked by mobile operators who know your location to within a 1000 meters or so.

    Not to mention the government demands on ISPs and telecoms to track your every movement on the web, mail sent, and every phone call made.

    Think Google is the evil empire? They are just one small cog in the big brother conspiracy wheel of the UK.

  19. Bounty


    " "All they get from me is my IP address and the search terms I enter" "

    " Try and they won't even get your IP address! "

    Use Yahoo! and they don't even get your search terms! Or MSN muahahaha

    Guess we need the equiv of Open Source, maybe a non-profit-run search engine, or a distributed search engine. A torrent-like database of sites or something living on all nodes of those participating? Point to point encrypted of course. Perhaps something like Tor + Google + The Pirate Bay... we could call it To og ay!

