Feeds

Google: Our rapid load won't give you anything nasty

You could get exploited without even saying yes

Securing Web Applications Made Simple and Scalable

Google has downplayed concerns that refinements to its search technology could leave surfers more exposed to search engine manipulation attacks.

Google Inside Search aims to speed up web searches by pre-loading content from remote sites. The so-called Instant Pages technology only works with Google Chrome.

Miscreants often manipulate search engine results so that links to scareware portals and the like appear prominently in search results for newsworthy terms. These search engine poisoning tactics rely on establishing link farms after hacking into portions of popular websites, using search engines’ “sponsored” links to reference malicious sites and injecting HTML code, among other tricks.

Scareware affiliates normally rely on potential victims to click on links to malicious sites among search results before they are whisked away towards dangerous domains. However, the Instant Pages technology might remove this requirement, pre-fetching content from malicious websites and "creating a possibility that a user can be exploited by simply searching, without even clicking on a link," warns Dan Hubbard of Websense Security Labs.

Google maintains that is being careful to minimise the possibility of harmful content getting pre-fetched.

"We've thought hard about this issue, and we don't believe there is any additional risk to users," a Google spokesman explained.

"Sites marked as potentially harmful by our Safe Browsing technology will not be pre-rendered, nor will sites that Chrome detects as suspicious. We also exclude sites with SSL certificate issues and those that try to download files or display popup alerts."

Google added that search engine poisoning to promote scareware sites and the like is an industry-wide problem. ®

Mobile application security vulnerability report

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.