School Finds Out It's Not Google's Fault
searchnewz.com — A snafu between Google and a North Carolina school brought with it some valuable lessons: spiders can't type passwords; Google crawls so deep only reporters can find it; you should double check your security; and everyone likes a judge with a funny name. So ends this latest google saga.
- 1256 diggs
- Crass22, on 10/12/2007, -1/+25 "As for Judge Richard D. Boner (seriously, grow up), it's nice he was able to penetrate Google's silence. Google removed all of the pages in question from its index and the information is no longer accessible."
HAHA what a silly news article, I'm glad to see a journalist out there that has a sense of humor. But really you would think that it has already happened before and that any IT administrator (especially one for a school) that's worth anything would be aware of this already. The school did a shoddy job with their security, and I hope the parents press charges against the district.
oh yeah that picture of the superintendent was freakin awesome too.
- jer2eydevil88, on 10/12/2007, -1/+13 Picture of the superintendent
http://img234.imageshack.us/img234/6627/super2kq.jpg
- dmoney22, on 10/12/2007, -17/+5 That guy's a true Boner.
- hammydude, on 10/12/2007, -4/+9 Schools know nothing about computers.
Something completely unrelated to this topic: I think I broke the first 2 digg stories ever. I was posting on the first 2 digg stories, just fooling around and trolling (that's the only place I have trolled). If you make a really long comment, with lots of enters then the page will no longer load, and the story stops working. Go look at the first 2 digg stories about self healing nano chips and ipod with downloadable games. Sorry if I broke digg, hopefully it is just a coincidence! Moral of the story: don't make super long posts, digg should have a limit on comment length.
Located here:
http://www.digg.com/apple/Rumors:_Next_iPod_to_have_downloadable_games
and here:
http://www.digg.com/hardware/Self-healing_chips
- GuitaristTom, on 10/12/2007, -5/+7 boner & penetrate in the same sentence
- mookieXL, on 10/12/2007, -2/+2 jer2eydevil88:
That picture's worth 1000 words.
Dick Boner, right?
- duality, on 10/12/2007, -10/+2 Yes, this has happened before. I actually thought that Google or some other search engine accidentally did this to Apple's website a few months ago.
- jrhelgeson, on 10/12/2007, -1/+30 I'll tell you *exactly* how google bypassed the authentication.
1) Google's bots do not allow for the placement of cookies when they are indexing a site, nor do they execute javascript.
2) When the webpage goes to query the cookie for the "isLoggedIn" or equivalent variable, it is not stored in any cookie. When the javascript routine should bump the user back out "re-login" to set the variable, and Google doesn't RUN javascript, then they can continue to follow any link they find to continue indexing the site.
SO: If you want to hack a poorly written website 1) disable javascript and 2) disable cookies, then you can browse past the authentication pages and you too can view all the "Secured" content.
Joel Helgeson
www.appiant.net
- pgouy, on 10/12/2007, -0/+1 That reminds me of a post on thedailywtf!
- Murdats, on 10/12/2007, -0/+1 this happened on a government site a while back, except the spider clicked all the "remove contents" links so all the information was removed from the site, Google's fault, I think not, anyone trying to make it out to be is merely trying to direct attention away from their own shoddy work
- pbjorge12, on 10/12/2007, -15/+3 "Judge Richard's Boner was able to penetrate Google"
hehe...I like twisting people's sentences...
- artnez, on 10/12/2007, -11/+29 "Dick" is short for Richard. "Dick Boner". Oh my god. I couldn't stop laughing. I know it's childish.. but seriously... oh.. my.. god... how did he get through high school with a name like Dick Boner... hahahhaahaaaaa
- jdkane, on 10/12/2007, -2/+5 And now he presides over everyone that ever bullied him ... irony has the last laugh. Great article, very unexpectedly funny. I'm definitely going back to read more of Jason Lee Miller's stuff...
- hammydude, on 10/12/2007, -1/+21 http://www.meckgop.com/candidates.php?id=191
Judicial Philosophy: Be firm
- deadmoo, on 10/12/2007, -2/+9 @hammydude
That is too good to be true. Good find.
- Tialys, on 10/12/2007, -6/+5 I'm sure I'll get crucified for this, but shouldn't google have some easy way to report a thing like this? "Don't Be Evil", right? I can't say the school is blameless, but google didn't help the matter. Anyone know if it is possible to get a hold of someone at google in a situation like this?
- david76, on 10/12/2007, -1/+1 If you've previously been in contact with someone at Google, say regarding Google Mini or Google Enterprise, you could probably get word to the right person via a sales or technical rep. Granted, most people don't have this kind of access, and I only did because of interest by my employer at the time in the Google servers. (The deal fell through because of language Google wouldn't agree to in a contract, curiously related to crawling secure content, which Google Enterprise can do.)
- Bogtha, on 10/12/2007, -0/+8
> shouldn't google have some easy way to report a thing like this?
They've had a way to do that for years.
"How can I remove content from Google's index?"
-- http://www.google.com/support/webmasters/bin/answer.py?answer=35301
That page is actually the very first hit if you type 'remove web page from google' into Google.
- c0uchm0nster, on 10/12/2007, -7/+2 they do.
http://www.google.com/support/webmasters/bin/answer.py?answer=35301&topic=8459
- ywong137, on 10/12/2007, -1/+5 Google's big thing is automation, so they have less front-line staff than basically any other technical organization in the world. So it's actually not too surprising that it's nearly impossible to reach a human being at Google (and perhaps a bit ironic). The problem with "Don't Be Evil" is that so much of Google is run by machines, and machines understand neither good nor evil.
- c0uchm0nster, on 10/12/2007, -1/+4 beaten to it... and the edit feature seems to be gone on digg?
- vspazv, on 10/12/2007, -0/+21 As most porn sites learned long ago you need to restrict access to EVERY document you want to protect, not just the index page.
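
The failure that jrhelgeson's and vspazv's comments describe, as an added example that is not part of the thread: a login check that exists only as page script on the index page, next to a server-side session check applied to every protected path. The paths, the `sid` cookie, the session id and the page contents are constructed for illustration.

```javascript
// Added example: in-memory handlers, no network. Paths, the "sid" cookie, the
// session id and the page contents are constructed for illustration.
const PAGES = new Map([
  ['/records/', '<a href="/records/scores.html">scores</a>'],
  ['/records/scores.html', 'Test scores (constructed sample)'],
]);
const SESSIONS = new Set(['constructed-session-id']);
const NOT_FOUND = { status: 404, headers: {}, body: '' };

function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak: every page is sent in full. Only the index carries a script that sends
// browsers without an isLoggedIn cookie back to /login.
function weakSite(req) {
  if (!PAGES.has(req.url)) return NOT_FOUND;
  const guard = req.url === '/records/'
    ? '<script>if(!/isLoggedIn=1/.test(document.cookie))location="/login"</script>' : '';
  return { status: 200, headers: {}, body: guard + PAGES.get(req.url) };
}

// Hardened: the server checks the session for every path under /records/
// before any protected byte is written.
function hardenedSite(req) {
  const sid = parseCookies(req.headers.cookie).sid;
  if (req.url.startsWith('/records/') && !(sid && SESSIONS.has(sid))) {
    return { status: 302, headers: { Location: '/login' }, body: '' };
  }
  if (!PAGES.has(req.url)) return NOT_FOUND;
  return { status: 200, headers: { 'Cache-Control': 'no-store' }, body: PAGES.get(req.url) };
}

// Indexer-style client: runs no script, follows href links, returns URLs answered 200.
function indexedUrls(site, start, cookie) {
  const seen = new Set(), ok = [], queue = [start];
  while (queue.length) {
    const url = queue.shift();
    if (seen.has(url)) continue;
    seen.add(url);
    const res = site({ method: 'GET', url, headers: cookie ? { cookie } : {} });
    if (res.status === 200) ok.push(url);
    for (const m of res.body.matchAll(/href="([^"]+)"/g)) queue.push(m[1]);
  }
  return ok;
}
```

Against `weakSite` the cookie-less client receives both pages; against `hardenedSite` it receives none, and a client-set `isLoggedIn=1` cookie changes nothing because only the server-issued session id is trusted.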
- weirdal, on 10/12/2007, -2/+18 http://www.meckgop.com/candidates.php?id=191
"Judicial Philosophy: Be firm"
hahaha
- FreddieD, on 10/12/2007, -5/+2 Now you're just getting cocky..
- koguma, on 10/12/2007, -0/+2 You all missed the "Boner Seat" up top.
Margaret Boner? The Boner family? Too funny..
- TheAttacks, on 10/12/2007, -6/+1 funny, I used that school district's website for some online tests they had in a class I took. that county is right next to mine, I believe.
- lo0ol, on 10/12/2007, -2/+3 This article does bring up a valid point: Google's support is, in many cases, non-existent. If you've ever tried to get a hold of them via email you'll know what I mean. Sometimes they're decent, especially if it's directed towards something more specialized like AdSense support, but if you're looking for more information about why site x was penalized in the rankings, for example, you're rather SOL.
I do realize that it must be incredibly difficult to give support to everyone in the world regarding their websites, and yes, there are a ton of people that will ignore a FAQ no matter how many times you stress it, but beyond that it's still difficult to talk to someone at Google. Even at AdSense it can be difficult; I've heard the stories of people getting the boot for seemingly no reason and they can't appeal or gather more information from Google about it. Sometimes people make mistakes, and sometimes they truly want to make good on it, but if there's no way for Google to help them out with this then they're back to being SOL.
- duffman03, on 10/12/2007, -1/+5 I can't believe anyone could give ANY blame to google in this case. And why is the school district storing that information on a webserver?
- panique, on 10/12/2007, -0/+7 An unsecured webserver, no less. The school should be the ones getting dragged into court.
- lo0ol, on 10/12/2007, -0/+2 "I can't believe anyone could give ANY blame to google in this case."
I'm simply addressing the point that was raised in the article: that the school system had an extremely difficult time trying to contact Google about this. I find that to be true. Do I think that the school system is completely wrong in this case? Yes. But that doesn't mean that it makes Google more accessible to the masses for contact information.
- dizzley, on 10/12/2007, -0/+2 I know Google is heavily automated, but can't they have at least some kind of bot to take emails with comments and complaints. How hard would it be to make some sense out of an email and route it to someone who could do some good? Mmm. You'd need some kind of text-searching facility to make it work. Google is faceless when it comes to this sort of thing.
- dharm, on 10/12/2007, -1/+16 robots.txt
sometimes school system/network admins are the biggest idiots around.
- Bogtha, on 10/12/2007, -1/+10 robots.txt only protects you from robots, funnily enough. It doesn't password-protect anything, the sensitive information is still unprotected ready for anybody to download.
- ocram, on 10/12/2007, -0/+7 Hiding anything using robots.txt is a very bad idea, and may in fact do the opposite. If somebody with malicious intent was looking for 'hidden' files, listing that directory in the robots.txt may draw their attention to it.
If you absolutely have to store sensitive information on a public web server (why you would I don't know), at the bare minimum you should use a .htaccess file for user authentication and ideally encrypt the files.
- Niteryder, on 10/12/2007, -10/+1 I had a good time down Hotlanta way back 92. Hopefully next time El Judgepoo makes law he really focuses and realizes that, you can't get rich, when you don't know how to run the scam....
- captainmicahp, on 10/12/2007, -4/+3 I am from NC and when I was about 13 the Honorable Judge Boner was running for election. All along my bus route there were "vote judge Dick Boner" signs on the side of the road. It has made me chuckle for 15 years. It won't ever get old.
- HiT0, on 10/12/2007, -1/+0 oh man that is good, thanks I needed that
- csrster, on 10/12/2007, -0/+2 It's not his fault he's called Richard Boner, but he really ought to know better than to abbreviate his forename.
- abohling, on 10/12/2007, -0/+7 We got in a bit of a "snafu" ourselves at work when Google got into our proxy server and re-indexed copyrighted pages that in turn showed up as being stored on our servers. We had some places really mad at us for various reasons with a lot of finger pointing. We had to rework a lot of our norobots and other files to fix the problem. It took weeks/months to get it fixed from the Google side, the links still showed up but finally the proxy was asking for authentication. The robots will go anywhere you let them go and it's up to the administrators of a site to stop them. We learned the hard way what happens if you don't do things correctly.
- analogtux, on 10/12/2007, -0/+2 It's not really any big surprise that this would happen to the NC School system. Ever since I moved there I have never heard anyone say anything good about the school system. The media is always saying how the students are testing way under standards and all. So it makes sense that they would have issues with having competent IT people running the show.
- Seumas, on 10/12/2007, -2/+15 The real question is -- why is ANY of this information placed on a webserver under any conditions AT ALL to begin with?!
Seriously, social security numbers, names, test scores and so forth have no business being placed online. Even if they are completely secure (which they never will be). Is it really so god damned difficult to print out a report card and have a parent sign it?
Seriously - what ***** moron finds it necessary to associate a SS# with ANYTHING regarding school children on a WEBSERVER?
- DigeratiPrime, on 10/12/2007, -2/+4 amen.
- Shinglor, on 10/12/2007, -5/+1 Right on, man. And what's up with those crazy ipod things? Are people too lazy to make their own music?
- airmann90, on 10/12/2007, -2/+1 God, I bet they were in openly viewable (and maybe world-editable, lol) text files! Silly school ITs, so fun to mess with they are!
- timmarhy, on 10/12/2007, -0/+1 haha, nice how the school glosses over their claims of the google spider getting into their password protected site now isn't it.
- CornStarch, on 10/12/2007, -2/+1 Reminds me of those infamous google image results that always turn up as "forbidden" or "Error 404" when you click on them, where the hell are they getting the image from then!?
- nuvem, on 10/12/2007, -2/+1 "cache"
- koguma, on 10/12/2007, -0/+2 About 5-6 years ago Google indexed some social security numbers on DOD recruitment site. I called up Google and they removed it in 10 minutes.
Guess more money != better customer service. Yes, WE are the customers.
- glooper23, on 10/12/2007, -0/+1 O RLY? Stupid school for even thinking it was google.
- Portfolioso, on 10/12/2007, -0/+1 Of course it wasn't google's fault. I agree 100% with google. It cannot index anything that is password protected. Schools have no security at all, I can tell you that based on my personal experiences.
- LuxFX, on 10/12/2007, -0/+4 Reminds me of the apocryphal story of the website that was 'hacked' by the search engine....
The site in question was a brand new, very large content managed website running off of a custom system developed in-house. The backend part of the system wasn't 100% ready for launch but the execs had them put it up anyway so the copywriters could go ahead and add all of the pages through their CMS system (hundreds or thousands of them, depending on where you hear the story). Then one day, about two weeks after the site launched, everything disappeared. All of the pages they had added through the CMS system were just cleaned out. The admins assume they've been hacked and start going through the server logs -- and find out that the 'hacker' was a Google IP!
Long story short, their CMS wasn't adequately protected (like in this story) but worse, the "delete" button to remove pages in the CMS system was a plain link, with no verification! So Google, by way of simply crawling the site, was actually deleting the pages one by one.
- dizzley, on 10/12/2007, -1/+2 I love that story. Damn those robots - they really are out to get me.
Looks like we are getting two sorts of people: those desperate to get listed on Google and those desperate to get delisted.
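
The crawler-deletes-the-CMS story in LuxFX's comment above (Murdats mentions a similar case), as an added example that is not part of the thread: a delete action reachable through a plain GET link, next to one that accepts only an authenticated POST carrying an anti-forgery token. The routes, session id, token and page titles are hypothetical.

```javascript
// Added example: in-memory CMS, no network. Routes, session id and token are
// hypothetical; page titles are constructed sample data.
function makeCms() {
  const pages = new Map([[1, 'Home'], [2, 'About'], [3, 'Contact']]);
  const SESSION = 'constructed-session-id', CSRF = 'constructed-csrf-token';
  const links = () => [...pages.keys()]
    .map(id => `<a href="/cms/delete?id=${id}">remove</a>`).join('');

  // Weak: "delete" is a plain link; any GET removes the page, no login needed.
  function weak(req) {
    const u = new URL(req.url, 'http://cms.invalid');
    if (u.pathname !== '/cms/delete') return { status: 200, body: links() };
    pages.delete(Number(u.searchParams.get('id')));
    return { status: 200, body: 'deleted' };
  }

  // Hardened: GET never changes state. Deleting needs POST, a valid session
  // and the anti-forgery token issued with that session. The listing keeps
  // the same links here so the link-following client still finds the URLs.
  function hardened(req) {
    const u = new URL(req.url, 'http://cms.invalid');
    if (u.pathname !== '/cms/delete') return { status: 200, body: links() };
    if (req.method !== 'POST') return { status: 405, body: '' };
    if (req.session !== SESSION) return { status: 401, body: '' };
    if (!req.form || req.form.csrf !== CSRF) return { status: 403, body: '' };
    pages.delete(Number(req.form.id));
    return { status: 303, body: '' };
  }
  return { weak, hardened, count: () => pages.size };
}

// Link-following client: issues a GET for every href on the listing page
// and returns the status codes it received.
function followAllLinks(handler) {
  const listing = handler({ method: 'GET', url: '/cms/' }).body;
  return [...listing.matchAll(/href="([^"]+)"/g)]
    .map(m => handler({ method: 'GET', url: m[1] }).status);
}
```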
- BrandonAbell, on 10/12/2007, -1/+1 Anyone else hear "Dueling Banjos" in their heads while reading about this?