Well that was, err, interesting. For the best part of an hour this morning (Saturday 31st Jan) Google search effectively broke. In fact, it blacklisted the entire Internet so that any search just returned a screen warning users that whatever site they had searched for "may harm your computer" and advised to try another which only popped up the same message in some insane Evil Internet Empire loop.
So what really happened then Google? Marissa Mayer, VP, Search Products & User Experience at Google, explains:
"Very simply, human error" she admits, continuing "Google flags search results with the message "This site may harm your computer" if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list. We periodically update that list and released one such update to the site this morning. Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes."
Meanwhile, Maxim Weinstein from StopBadware.org says that the original Google statement "erroneously states that Google gets its list of URLs from us. This is not accurate. Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google’s search listings." This was indeed corrected to "reflect that StopBadware does not provide Google’s badware data" according to Weinstein, who adds "The mistake in Google’s initial statement, indicating that we supply them with badware data, is a common misperception. We appreciate their follow up efforts in clarifying the relationship on their blog and with the media. Despite today’s glitch, we continue to support Google’s effort to pro actively warn users of badware sites, and our experience is that they are committed to doing so as accurately and as fairly as possible."
Back at Google HQ, the official word is that it will "carefully investigate this incident and put more robust file checks in place to prevent it from happening again." I should chuffing well think so!!!
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .
I called a few friends, and since they didn't experience it, for a moment, I thought my computer was compromised.
So, disconnected from the internet, did a virus scan and installed a firewall and another virus guard just in case. Only when I saw the BBC headline about the Google error in a while did I breathe a bit.