Google Blogoscoped

Monday, November 21, 2005

Google Sitemaps Flaw Revealed Data

Search Engine Watch and other sources report a flaw in Google’s Sitemaps program. Google Sitemaps recently began letting webmasters see statistics on the top keywords driving traffic to their sites. Now the flaw enabled you to see those statistics for some sites you didn’t own... sites including eBay, AOL, and even Google’s own Orkut!

What was behind this flaw that caused the privacy leak? Google Sitemaps asked webmasters to put a special file with a uniquely and randomly generated filename on their servers. After all, if you can upload something on a server into a specified location, the server should belong to you, right? So to verify you’re indeed the owner of the domain, Google checked if the page existed, and identified you as webmaster if that was the case. What Google forgot, though, was that some servers – like those of eBay and AOL – are misconfigured and don’t reply with a correct “file not found” response when you try to access non-existent pages (instead, they redirect you to a “found” page including typical “Were you looking for ...” information). In doing so, they fooled Google into believing that the unique file was indeed put on their server.
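The difference between the check described above and one that tolerates such servers, as an added example (not Google's code). The fake `fetch` functions, the token path and the token body are constructed for illustration, and comparing the file's body is an assumption beyond what the post describes.

```python
import secrets

def make_server(files, soft_404=False):
    """Constructed stand-in for an HTTP fetch against one site (no network)."""
    def fetch(path, follow_redirects):
        if path in files:
            return 200, files[path]
        if not soft_404:
            return 404, ""
        # Misconfigured site: unknown paths redirect to a "found" page.
        if follow_redirects:
            return 200, "Were you looking for ..."
        return 302, ""
    return fetch

def naive_verify(fetch, token_path):
    """The flawed logic: any 'found' answer counts as proof of ownership."""
    status, _ = fetch(token_path, follow_redirects=True)
    return status == 200

def hardened_verify(fetch, token_path, token_body):
    """Require a real 404 for a control path, then the exact token file."""
    control = "/" + secrets.token_hex(16) + ".html"  # cannot plausibly exist
    status, _ = fetch(control, follow_redirects=False)
    if status != 404:
        return False  # site says "found" for anything, so existence proves nothing
    status, body = fetch(token_path, follow_redirects=False)
    return status == 200 and body == token_body

# Constructed sample values, not real verification tokens.
TOKEN_PATH = "/verify-example-token.html"
TOKEN_BODY = "verification-example"

owner_site = make_server({TOKEN_PATH: TOKEN_BODY})
soft_404_site = make_server({}, soft_404=True)   # token was never uploaded
strict_site = make_server({})                    # token was never uploaded

def results():
    """Return {site: (naive_result, hardened_result)} for the three fake sites."""
    sites = {"owner": owner_site, "soft_404": soft_404_site, "strict": strict_site}
    return {name: (naive_verify(f, TOKEN_PATH),
                   hardened_verify(f, TOKEN_PATH, TOKEN_BODY))
            for name, f in sites.items()}

if __name__ == "__main__":
    for name, (naive, hardened) in results().items():
        print(f"{name:9} naive={naive} hardened={hardened}")
```

With the hardened check, a genuine owner whose server answers unknown paths with a "found" page also fails verification until the server returns real 404s.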

Well, the bug has been fixed now. Danny Sullivan of Search Engine Watch says Google sent him the following statement:

“This morning we learned of an issue with the Google Sitemaps tool that may have temporarily enabled users to view statistics about sites they do not own. We acted quickly and fixed the issue. To ensure the security of all sites using the Google Sitemaps tool, we will re-verify all sites added in the last 48 hours.”

