Comments on: StopBadware brought Google down http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down On Hacking Across Boundaries Wed, 28 Jul 2010 08:51:41 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: .hac http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-22 .hac Sun, 08 Feb 2009 18:15:48 +0000 http://onhacks.org/?p=181#comment-22 <a href="#comment-17" rel="nofollow">@log0</a> I suspect you misunderstand my words. I mean they SHOULD have deployment and sign-off testing which they didn't. This should be done in a copy of the real server which is in their test labs. Since this is a bug in their code (I think they updated it), but not in StopBadware.org, Google should be able to discover this failure when doing they test that I mentioned. BTW, I think they may only perform the build verification test only. :P @log0
I suspect you misunderstand my words. I mean they SHOULD have deployment and sign-off testing which they didn’t. This should be done in a copy of the real server which is in their test labs.

Since this is a bug in their code (I think they updated it), but not in StopBadware.org, Google should be able to discover this failure when doing they test that I mentioned.

BTW, I think they may only perform the build verification test only. :P

]]> By: log0 http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-17 log0 Wed, 04 Feb 2009 19:06:39 +0000 http://onhacks.org/?p=181#comment-17 <a href="#comment-16" rel="nofollow">@.hac</a> What is strange is why it involved manual deployment in the first place. That feature is there for quite awhile. <a href="#comment-14" rel="nofollow">@KK Lo</a> I think what you mean is just the single test case "No website other than those in the blacklist will be marked as malware". I came up similarly like yours. Strings : Boundary test inputs and test input generation. @.hac
What is strange is why it involved manual deployment in the first place. That feature is there for quite awhile.

@KK Lo
I think what you mean is just the single test case “No website other than those in the blacklist will be marked as malware”. I came up similarly like yours. Strings : Boundary test inputs and test input generation.

]]> By: .hac http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-16 .hac Mon, 02 Feb 2009 17:53:16 +0000 http://onhacks.org/?p=181#comment-16 <a href="#comment-14" rel="nofollow">@KK Lo</a> I think they should have manual deployment and sign-off testing on test machines before the code is deployed. I suspect that Google search engine is able to fit in one box or two (search engine + database). Of course, since we don't know the architecture of Google search, it is not easy to say that they can perform such deployment or not. Maybe the Google search need to deploy with at least 100 or 1000 boxes, which is a very high cost. On the other hands, they may have some better approach to test their services ;) @KK Lo
I think they should have manual deployment and sign-off testing on test machines before the code is deployed. I suspect that Google search engine is able to fit in one box or two (search engine + database).

Of course, since we don’t know the architecture of Google search, it is not easy to say that they can perform such deployment or not. Maybe the Google search need to deploy with at least 100 or 1000 boxes, which is a very high cost.

On the other hands, they may have some better approach to test their services ;)

]]> By: Patrick http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-15 Patrick Mon, 02 Feb 2009 08:43:48 +0000 http://onhacks.org/?p=181#comment-15 Google is telling you, no site is good site :P C'mon, disconnecting from the Internet means no more risk from it! Google is telling you, no site is good site :P
C’mon, disconnecting from the Internet means no more risk from it!

]]> By: KK Lo http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-14 KK Lo Mon, 02 Feb 2009 06:53:09 +0000 http://onhacks.org/?p=181#comment-14 This kind of error ( a blacklist ) is really hard to test. Is there any good way for this kind of testing? I can only think of random sampling of a list of "assumed Ok" web site. This kind of error ( a blacklist ) is really hard to test. Is there any good way for this kind of testing? I can only think of random sampling of a list of “assumed Ok” web site.

]]> By: .hac http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-13 .hac Sun, 01 Feb 2009 06:54:32 +0000 http://onhacks.org/?p=181#comment-13 This also affecting Gmail spam filtering as well. As they said, http://gmailblog.blogspot.com/2009/01/this-mornings-spam-filter-issue.html This also affecting Gmail spam filtering as well. As they said,
http://gmailblog.blogspot.com/2009/01/this-mornings-spam-filter-issue.html

]]> By: KK Lo http://onhacks.org/lang/en/2009/01/31/stopbadware-brought-google-down/comment-page-1/#comment-12 KK Lo Sat, 31 Jan 2009 18:27:05 +0000 http://onhacks.org/?p=181#comment-12 lol lol

]]>