Google Blogoscoped

Forum

Google’s Internal Subdomains

Ron [PersonRank 0]

Tuesday, June 8, 2010
14 years ago8,211 views

In a post form 2006, Tony Ruscoe who was the co-editor of this blog, and is now a Google employee wrote:

"Doing a quick Google search for [“corp.google.com”] returns around 19,000 results where people have found references to some of these subdomains in their HTTP referrer logs, presumably leaked when Googlers click through from Google’s intranet, internal applications or test sites.

In addition to these, I recently obtained a long list of what seem to be internally accessible subdomains that don’t appear to be discussed anywhere else."

Which is published in the blog post here: http://blogoscoped.com/archive/2006-09-20-n72.html

I was wondering if Tony (or Philipp) can recall how exactly did Tony obtain that list?

Philipp Lenssen [PersonRank 10]

14 years ago #

If I recall correctly, some of Google's external automated systems leaked information about their internal systems, though the errors were then fixed, either because Google noticed themselves or we alerted their security to it. Imagine for instance if an external Google system gives the message "Webpage not available" to users when tested against unlikelyname.corp.google.com vs the message "This webpage isn't available" when checking for actualprojectname.corp.google.com. These types of leaks are often various and diverse, from different external systems and more, often not a single source. Not sure about this specific blog post by Tony, I'd have to check, but this should give you an idea of some of the issues involved...

Ron [PersonRank 0]

14 years ago #

Philipp, thanks, great explanation.

I was't aware that you were into vaulnrability scanning too, but good job alerting Google i hope they thanked you in an appropriate manner.

BTW, how does one go alerting them about stuff? Did you and Tony had like a special contact or something?

Philipp Lenssen [PersonRank 10]

14 years ago #

I mostly send mails to security[put at-character here]google.com, sometimes with Matt Cutts CC'd. (I once had what I thought was a priority security mail address, but it didn't really work better, so I kind of stopped using it. I also once was referred to a personal contact there to send mails to.) Sometimes, things got handled, sometimes not, sometimes they replied and sometimes not. If there's no reply after a certain time it might lead to a blog post with more details (in case there was a first post where some details weren't disclosed yet).

Sometimes only a blog post convinces Google that things are problematic, like when I accessed a private (well: "unlisted") Picasa photo album by one of the Google co-founders... before that I was on the phone with Google but they tried to convince me it's not a big issue, but after some time they fixed the hole (private album paths were easily guessable because they were using the album title as path... someone at Google even tried to convince me that a user could simply use a complicated number or string combo in their album title to prevent this, but I told them I didn't think it was good to leave security to users!).
http://blogoscoped.com/archive/2006-06-14-n63.html

Ron [PersonRank 0]

14 years ago #

Thanks for the details on how Google handles (or doesn't) security issues. Leaving stuff open and not cleaning what needs to be cleaned is seems stupid.

I have something I want to show Matt, can you drop me his email to my email? And if you happen to remember who the "someone on the phone" was that would also be nice. He seem to be a little dense, but he fixed stuff at the end.

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!