Is Google Apps Domain Verification Asking For Trouble?
There was a lot of buzz last week around the launch of Google Apps Premier Edition, and with that comes potential harm. Yes, Google Desktop was recently reported to have two serious security holes, both of which, I believe, are now patched. But what about Google Apps?
With any hack, one of the first steps is to locate vulnerable sites or computers. Google Apps requires sites to verify domain ownership within the first 30 days. They can do this in one of two ways:
- Create a CNAME record
- Upload an HTML file to your server
A Cre8asite Forums thread shows how easy it is to use Google to find sites that are potentially running Google Apps for Domains. A search on inurl:googlehostedservice.html currently returns just about 700 sites. Now, I am sure many opt for the CNAME method, and I think that those can be easily discovered, but not with a simple Google search.
The thread asks: is Google asking for trouble with this? Why not have site owners upload a dynamically generated file whose name follows no pattern, instead of a standard file named googlehostedservice.html?
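One way the thread's suggestion could work, as an added example that is not from the original post or from Google: the verifying service derives a per-domain filename and file body from a secret it holds, so no single filename is shared across customers. The names `SERVICE_SECRET`, `issue_challenge`, `check_upload` and the `verify-` prefix are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret known only to the verifying service (hypothetical name).
SERVICE_SECRET = secrets.token_bytes(32)


def _tag(domain, purpose, secret):
    """HMAC-SHA256 over a purpose label and the normalized domain, hex-encoded."""
    normalized = domain.strip().lower().rstrip(".")
    msg = f"{purpose}:{normalized}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_challenge(domain, secret=SERVICE_SECRET):
    """Return the (filename, body) pair the domain owner is asked to upload.

    Both values depend on the domain and the secret, so the filename differs
    for every customer and cannot be matched by one fixed search pattern.
    """
    filename = "verify-" + _tag(domain, "name", secret)[:32] + ".html"
    body = _tag(domain, "body", secret)
    return filename, body


def check_upload(domain, fetched_name, fetched_body, secret=SERVICE_SECRET):
    """Recompute the challenge statelessly and compare in constant time."""
    name, body = issue_challenge(domain, secret)
    ok_name = hmac.compare_digest(name.encode(), fetched_name.encode())
    ok_body = hmac.compare_digest(body.encode(), fetched_body.strip().encode())
    return ok_name and ok_body


if __name__ == "__main__":
    # Constructed sample domains, not taken from the page.
    for d in ("example.com", "example.org"):
        print(d, issue_challenge(d)[0])
```

The filename only stays unknown to outsiders while it is not linked or indexed, and the CNAME method remains visible to anyone who queries DNS.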
Forum discussion at Cre8asite Forums.
rustybrick in Other Google Topics at February 26, 2007 7:51 AM
Comments
Here is a small list of domains hosted on Google Apps.
Found 93 websites with the IP 66.249.81.121
Posted by BUGabundo at February 26, 2007 10:02