Search Engines for Security

Recently there has been a large security vulnerability in TimThumb,  a Wordpress plugin used throughout many many standard themes in the Wordpress community. See more information about that here:

Sadly to say, I am not updating content on my own website and have many other things to think about as I'm sure most Web Administrators do. I had read the articles and thought about the latest threat to Wordpress installations. However, I never actually made the connection to check my own website! There is so much happening all the time, it is almost impossible to stay up to date on all the smaller projects which are not a primary focus.

Enter google. As always.

Dear site owner or webmaster of, As of the last crawl of your website, you appear to be running WordPress 3.x.x. Google recommends that you update to the latest release. Older or unpatched software may be vulnerable to hacking or malware that can hurt your users. To download the latest release, visit the WordPress download page. If you have already updated to the latest version of WordPress, please disregard this message. If you have any additional questions about why you are receiving this message, Google has provided more background information in a blog post about this subject. Best wishes, Google Search Quality Team

Because Google is constantly rescanning websites they have a unique ability to watch these sites for security vulnerabilities and provide a service for the greater good of the web user. I was unable to spend the time and effort to scan my website, but google was already doing it for search results anyway. What probably started out as a Googlers' 20% project has now become a great benefit for all who use the web and those who run it. It helps lift some of the burden of remembering the many different place web administrators must check, scan, update, and watch as each new threat comes about. This will be an invaluable tool as the speed of vulnerabilities continues to pick up on web applications.

It makes me wonder what else a service like this could be used for? Scanning for all common attack vectors such as XSS and SQL Injection? Links to dangerous or malicious sites on your webpage?

Many possibilities.

comments powered by Disqus