Google broke own security with April fool gag

On April 1st Google had a bit of fun by using the com.google domain to display all content backwards, but the folks at Netcraft think that jape backfired by introducing security vulnerabilities to the search engine. Netcraft's security folks say the joke “... inadvertently undermined an important security feature on Google's …

  1. Mark 85

    the Chocolate Factory fixed it and has promised not to be so silly again.

    Well.. that's ok then. Move along. Nothing to see here.

    1. Adam 1

      Fixed within 90 days. What's the problem?

  2. Robert Helpmann??
    Childcatcher

    One or the Other

    > That omission meant “A remote attacker could” ... turn Safe Search on or off, or set location. And that's on top of the click-jacking potential, which could see users directed to false web pages.

    If you were affected by the first option, then it is most likely someone doing it for the lolz, while if you were a victim of click-jacking, then there was probably a financial motive involved for which the black hats would not want to advertise anything was happening.

    Talk about a true zero-day, though. If it was patched, then it had to have been done before the day was over; there does not seem to be an archive of the joke site available. I couldn't track down a copy of the blighted site. The Wayback doesn't like it. Though Wikipedia has a link to the prank site, it notes that it "was removed the day after and now redirects to the main google.com site." It would be interesting to know why the flaw was posted two weeks after it was a moot point.

    1. Michael Wojcik Silver badge

      Re: One or the Other

      > If it was patched, then it had to have been done before the day was over; there does not seem to be an archive of the joke site available.

      Presumably the "patch" involved removing the misfeature in google.com's servers that recognized the igu=2 query-string parameter and responded by omitting the X-Frame-Options header. That's the actual vulnerability, and it's independent of the existence of the joke search page.
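
The check that follows from the comment above, as an added example that is not part of the original thread and not Google's code: it compares the anti-framing policy of a baseline response with the responses to query-string variants and reports any variant that loses it. The header sets and the `hl=en` variant are constructed samples; only the `igu=2` parameter and the `X-Frame-Options` header come from the thread.

```python
# Added example: constructed header sets, not captured traffic.

def framing_policy(headers):
    """Return the effective anti-framing policy of one response, or None."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # CSP frame-ancestors overrides X-Frame-Options in browsers that support it.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            # A bare "*" allows any origin to frame the page.
            return None if "*" in sources else "csp:" + " ".join(sources)
    xfo = h.get("x-frame-options", "").upper()
    # ALLOW-FROM is obsolete and ignored by current browsers, so it does not count.
    return "xfo:" + xfo if xfo in ("DENY", "SAMEORIGIN") else None


def find_framing_regressions(baseline, variants):
    """Map each variant query string whose policy differs from the baseline to its policy."""
    expected = framing_policy(baseline)
    found = {}
    for query, headers in variants.items():
        policy = framing_policy(headers)
        if policy is None or policy != expected:
            found[query] = policy
    return found


# Constructed responses for one hypothetical search endpoint.
BASELINE = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
VARIANTS = {
    "q=test&hl=en": {"Content-Type": "text/html", "x-frame-options": "sameorigin"},
    # The behaviour described in the thread: the parameter makes the header disappear.
    "q=test&igu=2": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for query, policy in find_framing_regressions(BASELINE, VARIANTS).items():
        print(f"?{query}: framing policy is {policy!r}, baseline is {framing_policy(BASELINE)!r}")
```

Run against real responses, a check like this belongs in a regression suite so that a debug or feature parameter cannot silently remove the header again.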

  3. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      > Perhaps google employees should start spending less time pratting around

      Completely disagree. This is one of the few areas I applaud Google for: Allowing developers to do fun things and research projects. You forget, doing this sort of thing is how a developer *learns*.

  4. Dave 62

    Google should just stop doing April Fool's.

    The update to the Maps App for last year's Pokemon joke has ruined it for me, ever since my sat nav frequently crashes and sometimes leads me on wild goose chases.

    1. This post has been deleted by its author

    2. This post has been deleted by its author

      1. Fink-Nottle
        Trollface

        > Have an upvote, I quite agree!

        Have an upvote yourself! I enjoy comments with no useful content other than stating you agree with the OP and have upvoted their comment.

        1. sabroni Silver badge
          Thumb Up

          re: Have an upvote yourself!

          The only comments I enjoy more than the ones with no useful content other than stating that they agree with the OP and have upvoted their comment are the ones where someone comments about upvoting a comment for having no useful content other than stating that they agree with the OP and have upvoted their comment! Upvoted!!!!

          1. cd

            Re: re: Have an upvote yourself!

            Upvoted all of you, more entertaining than the article.

            1. Solmyr ibn Wali Barad

              Re: re: Have an upvote yourself!

              Upvoted, because...because... Oh, well, sod it. Upvotes for everybody it is then. Hope it doesn't ruin anyone's day.

              1. This post has been deleted by its author

                1. Solmyr ibn Wali Barad
                  Pint

                  Re: re: Have an upvote yourself!

                  "Exactly :-). It's only an upvote here and there, what does it matter?"

                  Precisely. Have one more. And a pint, just for pint's sake.

        2. This post has been deleted by its author

          1. Fink-Nottle

            @1980s_coder

            > Upvotes and downvotes apply to the whole comment, whereas by replying you can quote a certain part that you agree or disagree with.

            > Posting a comment with the pint icon and an 'I agree' or 'plus one', implies that you agree more strongly with something than a mere up or down vote suggests.

            > etc. etc.

            I'm obviously missing the subtleties of upvoting etiquette ... what does posting two replies to a single comment mean?

            In your first post you agree with the OP's first paragraph and, somewhat predictably, in your second post you agree with his second paragraph.

            Does this mean the pint glass is half full in one post or more than a pint's worth in the other? Seems to me thy cup runneth over ...

            1. This post has been deleted by its author

          2. sabroni Silver badge
            Unhappy

            re: You might like to note the following:

            5. Some people take this much too seriously.

            6. In doing so they ruin a hilarious thread.

            7. I downvoted your boring list.

            1. This post has been deleted by its author

            2. This post has been deleted by its author

              1. Simon Harris

                Re: re: You might like to note the following:

                Left and right?

                I want Strange, Charm, Top and Bottom!

                1. Michael Wojcik Silver badge

                  Re: re: You might like to note the following:

                  > I want Strange, Charm, Top and Bottom!

                  And Truth and Beauty - which strike me as more useful than Top and Bottom, though the former might help other correspondents learn How to be Topp.

                  How about it, Reg? Surely you can respect our desire to acknowledge the strangeness, charm, truth, and/or beauty of our fellow commentards' work.

                2. DryBones
                  Pint

                  Re: re: You might like to note the following:

                  And now I'm pondering what quantum physics would be like if the subatomic particles were named consistent with the Konami Code...

    3. This post has been deleted by its author

    4. Simon Harris
      Coat

      "The update to the Maps App..."

      Ever since that April fool, I've needed a sharp stick to get maps app updates to stay on my phone...

      I use it to poke 'em on.

  5. Crazy Operations Guy

    Redirecting through an IFrame?

    And they didn't sanitize inputs or do anything to prevent abuse... that is amateur hour right there. Every day I come so close to just adding a new rule onto my proxy to block anything that contains an IFrame no matter its source.
