Google Hands Out Web Security Scanner
An anonymous reader writes "Apparently feeling generous this week, Google has released for free another of their internally developed tools: this time, a nifty web security scanner dubbed skipfish. A vendor-sponsored study cited by InformationWeek discovered that 90% of all web applications are vulnerable to security attacks. Are Google's security people trying to change this?"
Re:I don't trust it (Score:5, Insightful)
If you want the internet to remain free, you'll have to get off your lazy ass. Start by going and downloading the skipfish source - it's under an Apache license - and audit it for us. Tell us if it's got any phone-home reporting, if it leaves out any major items from its scans, etc.
We all know we should question everything, including Google's intentions. We're pretty smart, we get that. Instead of offering blind, childish rhetoric, you could offer proof and/or solutions. Just sayin'; calling Google a major privacy invader doesn't stop them.
Re:I don't trust it (Score:1, Insightful)
You shouldn't.
Same as anyone else, trust the code.
http://code.google.com/p/skipfish
It was linked in the article..?
Oh Please, GIVE IT A REST. (Score:5, Insightful)
Google is one of the most anti-privacy, intrusive evil corporations out there, second only to Facebook. They make a living over promiscuous sharing of personal data. Why should I trust them?
Have they ever lied to you about what they do? I don't use Google under any misinformed idea that they *don't* track everything I do. I go into it knowing that this *is their business*.
Were you under some other impression?
Re:I don't trust it (Score:5, Insightful)
I could just bury your comment by modding you a troll, but I'd rather correct the misinformation.
Microsoft has patents on how to sell your personal information to the highest bidder. Microsoft, Yahoo, and AOL all handed over your personal search histories to the US government. They all play ball in China. Yahoo handed over bloggers to the Chinese government.
Google targets ads to you, but they don't share your personal data out to anyone. Google tracks your information to serve up ads, but this is all machine controlled. It isn't like Google employees sit around all day reading your email.
If you don't want Google to have your information, then don't use their services. I happen to really like their services. I want the convenience of being able to get to my mail from any device without having to try and run my own mail server (dealing with SSH attacks, whitelisting, backups, etc. can be a pain). Google provides me a free service I enjoy, and thusly I willingly accept the trade-off of targeted ads.
They are VERY upfront about what they do, and they also provide tons of great open source products. They are the primary funder of Firefox, and they fund a decent chunk of Linux development. I'm sick of people calling them evil every single day without providing one single piece of evidence.
Either provide some evidence, or stop spouting FUD and lies. Personally, I'm sick of it.
Re:I don't trust it (Score:5, Insightful)
Someone sends me an email from a gmail acct, poof, there I am. And I can't reply without using gmail, because that is all they use.
True, but not really relevant -- if they weren't using Gmail, they'd be using something else. Do you trust Yahoo or Hotmail any more than Google? How about some random ISP?
And it's not like they can track much from that, other than your conversations with someone who already keeps all their other conversations with Google.
Re:BS - this is important (Score:5, Insightful)
Google didn't start the censorship in China, it wasn't their idea, and they weren't the first group to comply with what is, in China, local law. They've also been pretty clearly repulsed by the rule, hence the issues they are now having with the Chinese government. They went into a crappy situation thinking that maybe they could improve things, or at least tolerate them until it had enough time to change (and it is just a matter of time, really)... apparently they were wrong, have seen the error of their ways, and are getting the heck out while they still can.
You seem to think that isn't good enough. So do you believe that because a nation makes laws which you don't agree with, private companies should be obligated to violate those laws in those countries? That failure to do so constitutes evil?
You can't possibly think that would end well.
Many people are working to help App insecurity. (Score:2, Insightful)
Re:BS - this is important (Score:2, Insightful)
Wasn't script kiddies that attacked Google in China. It was, as they said, a "nation-state" attack. With plants/spies on the inside of Google China. That's why Google is getting consulting from the NSA now. Google can handle any script kiddie, any botnet, any DDoS, any virus. What they don't have skill in is handling nation-state attacks. Ones that rely on not just attacking from the outside via the internet, but also attacking simultaneously from the inside with pro spies. The NSA, being in the spook biz, has that experience.
All the focus about The Virus? That's virus makers' and virus researchers' spin on the story. They only focus on that because that is what they sell. Yes, it was one part of the infiltration. But only one very, very small part. They (the people that actually deployed the virus, not that poor patsy Uni student that the Chinese gov chose as their scapegoat) had inside help. It wasn't the work of script kiddies. It was the work of pro spies. With government resources at their disposal.
While they do censor in countries in compliance with laws (for example, no Nazi stuff in Germany), the difference is that in China, you have to "self-censor" and self-police. The government doesn't tell you what's bad and what isn't. It lets you guess and if you guess wrong, they pull the plug and you lose money. Also, there's no legal process for the censorship. It's all guesswork.
Baidu invites government censors into their office and they sit and work there "as contractors." Google didn't allow that. Google.cn was the least censored of the Chinese search engines. Because all the other companies "self-policed" too much. Google.cn self-censored the least.
Don't get me started on the corruption. Baidu and other domestic Chinese have connections with Chinese politicians. When a competitor does too well, they go through back doors to get the competitor censored or slowed down by the firewall, so their share of traffic goes down.
China will never let a foreigner win through free competition. They will rig the game (through the firewall) so that all the local Chinese companies are first. THEN the foreigners can compete for whatever spots are left over.