"We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters," Google developer Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples -- which typically take the form of injected HTML tags, JavaScript, or embedded Flash files -- are available in the "Malware details" Labs feature in Webmaster Tools."So, while I still think it's a good idea to own Johnny Long's Google Hacks book, Google itself is now providing some really interesting information, but it's not everything that Google itself actually indexes.
For example, one common Google Hack is simply a custom search query for
username/password in unprotected files/directories. The new webmaster
tool won't show that as malware, since it's not, but it still is a
vulnerability that a Google 'hacker' could find.
The other item
that users will still need to find on their own are incidents of Cross
Site Scripting (XSS) or Cross Site Request Forgery (CSRF) vulnerabilities. Again,
these are items that technically aren't malware, but are still
vulnerabilities.
The new tools are a great start and will
clearly help to webmasters to identify where they might have malware
files sitting on their sites. Most webmasters likely don't want to be
distributing malware and every additional tool (especially a free one
like this) is another weapon to the attack the problem.
Article courtesy of InternetNews.com.
