Today I was waiting around for a meeting to get started and pulled up Google’s blog to read about their earnings report that was posted yesterday, and saw that they had expanded their Webmaster Tools to include XSS exploit notifications. This is a great idea in my opinion!
My business partners and I were in Las Vegas a few years ago and partnered with ScanAlert (now owned and operated by McAfee) to offer HackerSafe certification as an add-on service to any of our clients that might be interested in certifying their web presence to be HackerSafe.
This service has proven to be a valuable tool for us internally by alerting us to vulnerabilities and potential XSS holes in some of our third-party and open-source client applications. Of course, HackerSafe certification requires a small investment from the client to set up, etc., but with Google’s Webmaster Tools, this very similar service is now free!
I am extremely anxious to spend some time checking out this new tool. Here’s an excerpt from Google’s webmaster blog:
Recently we’ve seen more websites get hacked because of various security holes. In order to help webmasters with this issue, we plan to run a test that will alert some webmasters if their content management system (CMS) or publishing platform looks like it might have a security hole or be hackable. This is a test, so we’re starting out by alerting five to six thousand webmasters.
We will be leaving messages for owners of potentially vulnerable sites in the Google Message Center that we provide as a free service as part of Webmaster Tools. If you manage a website but haven’t signed up for Webmaster Tools, don’t worry. The messages will be saved and if you sign up later on, you’ll still be able to access any messages that Google has left for your site.
One of the most popular pieces of software on the web is WordPress, so we’re starting our test with a specific version (2.1.1) that is known to be vulnerable to exploits. If the test goes well, we may expand these messages to include other types of software on the web. The message that a webmaster will see in their Message Center if they run WordPress 2.1.1 will look like this:
Official Google Webmaster Central Blog: Message Center warnings for hackable sites