Well that was, err, interesting. For the best part of an hour this morning (Saturday 31st Jan) Google search effectively broke. In fact, it blacklisted the entire Internet so that any search just returned a screen warning users that whatever site they had searched for "may harm your computer" and advised to try another which only popped up the same message in some insane Evil Internet Empire loop.

So what really happened then Google? Marissa Mayer, VP, Search Products & User Experience at Google, explains:

"Very simply, human error" she admits, continuing "Google flags search results with the message "This site may harm your computer" if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list. We periodically update that list and released one such update to the site this morning. Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes."

Meanwhile, Maxim Weinstein from StopBadware.org says that the original Google statement "erroneously states that Google gets its list of URLs from us. This is not accurate. Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google’s search listings." This was indeed corrected to "reflect that StopBadware does not provide Google’s badware data" according to Weinstein, who adds "The mistake in Google’s initial statement, indicating that we supply them with badware data, is a common misperception. We appreciate their follow up efforts in clarifying the relationship on their blog and with the media. Despite today’s glitch, we continue to support Google’s effort to pro actively warn users of badware sites, and our experience is that they are committed to doing so as accurately and as fairly as possible."

Back at Google HQ, the official word is that it will "carefully investigate this incident and put more robust file checks in place to prevent it from happening again." I should chuffing well think so!!!

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

9 Years
Discussion Span
Last Post by Thinka

I called a few friends, and since they didn't experience it, for a moment, I thought my computer was compromised.
So, disconnected from the internet, did a virus scan and installed a firewall and another virus guard just in case. Only when I saw the BBC headline about the Google error in a while did I breathe a bit.


Nyeah, at least it was just Google that broke and not the entire internet. Or are the two synonymous?? Now THAT would be something to worry about!!

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.