Is Google Apps Domain Verification Asking For Trouble?

Feb 26, 2007 • 7:51 am | comments (2) by twitter Google+ | Filed Under Other Google Topics
 

There was a lot of buzz last week with the launch of Google Apps Premier Edition and with that comes potential harm. Yes, Google Desktop has recently been reported to have two serious malicious holes, both, I believe, now patched. But what about Google Apps?

With any hack, one of the first steps is to locate vulnerable sites or computers. Google Apps requires sites to verify domain ownership within the first 30 days. They can do this one of two ways:

  • Create a CNAME record
  • Upload an HTML file to your server

A Cre8asite Forums thread shows how easy it is to use Google to search for sites that are potentially running Google Apps for Domains on their site. A search on inurl:googlehostedservice.html currently returns just about 700 sites. Now, I am sure many opt for the CNAME method, and I think that those can be easily discovered, but now with a simple Google search.

The thread asks, is Google asking for trouble with this? Why not make a dynamically generated file that has no pattern, that can be uploaded to your server. Instead of a standard file named googlehostedservice.html?

Forum discussion at Cre8asite Forums.

Previous story: Design Update For Search Engine Roundtable
 

Comments:

BUGabundo

02/26/2007 03:02 pm

here is a small list of domains hosted on Google Apps. Found 93 websites with the IP 66.249.81.121 1) 1060west.net 2) acapitolblog.com 3) akramawad.com 4) anotherchancetosee.com 5) bestfile.net 6) bharathone.com 7) blog.dearmyrtle.com 8) blog.fuxoft.cz 9) blog.mlchen.com 10) blog.quitebasic.com 11) blog.tripdatabase.com 12) bossip.com 13) brewlounge.com 14) calendar.keimel.com 15) calendario.cosital-murcia.net 16) ccim.net 17) cgindia.org 18) comunidadtulay.com 19) consolsys.com 20) creativityredefined.com 21) crimeincharlotte.com 22) dancingbear.com 23) david.hochstaetter.net 24) davidscudder.com 25) devilskitchen.me.uk 26) doesyourbusiness.com 27) eclipse-x.cjb.net 28) fanfiction.org 29) fantastagirl.com 30) feen.com 31) firstbollywood.com 32) fitforpublicconsumption.com 33) fixkp.org 34) footprints.organique.com 35) freethoughtguy.com 36) games121.com 37) genealogue.com 38) ghs.google.com 39) gmail.akcenter.org 40) gmckinney.info 41) gotjits.com 42) houseofsodom.com 43) idleburra.com 44) imsmarterthanyou.com 45) info.pecentral.org 46) isabella-stefanescu.com 47) it.dennyhalim.com 48) knittycity.com 49) knkmusic.net 50) lealauzon.com 51) lestersculpture.com 52) mail.alrabita.net 53) mail.canae.org 54) mail.episunsa.edu.pe 55) mail.goodshepherdslatedale.org 56) mail.kittycat.net 57) mail.plataniotissa.vil.gr 58) mail.weygandt.de 59) mandrake.net 60) moillusions.com 61) motocross338.org 62) mrsun.us 63) mtz-ripo.com 64) news.openflows.net 65) night-ray.com 66) nrc.tupilak.se 67) pageerror.com 68) pakistanonline.com 69) patobannon.com 70) pinoydreamacademy.com 71) restall.org 72) rodneyolsen.net 73) rotaractdc.org 74) rtfm.rawsocket.org 75) schmutzie.com 76) seabyrdtech.com 77) seanemerald.com 78) skratchboarder.com 79) skywatch-media.com 80) start.keimel.com 81) start.wpbc.net 82) techmarin.com 83) thenewsblog.net 84) ujbbc.com 85) viralavatar.com 86) warsawparkour.com 87) webmail.baradi.com 88) webmail.bsrkgaming.com 89) wiki.nettiers.com 90) wileynet.com 91) wirmo.com 92) zayed.com 93) zeal.org.nz

Lysa

07/17/2010 02:50 am

Google asking for trouble with this?

blog comments powered by Disqus