
New hacked site notifications in search results - bjonathan
http://googlewebmastercentral.blogspot.com/2010/12/new-hacked-site-notifications-in-search.html
======
tptacek
Uh.

Google really, really ought to be clear what the terms are for being included
in the "Hacked Sites" index. They presumably mean to evoke Gawker with this
description. But by their own definition, a site with a serious XSS flaw could
end up in the same index†.

Meanwhile, you can be assured that despite the routine discovery of similar
flaws across their own properties, the majors are never, ever going to see
that Google scarlet letter on their own links.

† _And why wouldn't it? It's a flaw with approximately the same impact on end-
users, and on search integrity. I know it doesn't seem that way, but that's a
quibble about the sophistication of exploits, not the vulnerabilities
themselves._

