Archive for the 'Search' Category

OpenDNS and Google a Phisher’s Delight?

RandyWalker linked me to the entry Google is the new http:// in #wordpress earlier, and I shortly thereafter commented over on Alex King’s blog about OpenDNS’s typo-search feature. You know the one - if you type in a domain that doesn’t exist, rather than giving you the default “Couldn’t find that server” message, you get redirected to a Google-powered search results page instead (containing ads).

In short, the conversation was about people utilizing a browser’s auto-correct feature for a domain, rather than typing in the full address themselves. This can vary from simply typing “google” instead of “google.com” to typo’ing it “goggle.com”. If you’re presented with a clear “the server was not found” message, it’s pretty obvious that you did something wrong.

Instead, the OpenDNS method of redirecting you to search results for that term (or the laziness equivalent of people simply relying on Google’s results to get them to their destination more quickly) leaves open what I consider a security vulnerability.

You see, banks frequently encourage you to go to your browser and type in their address directly, rather than clicking through any links you find in an email. This is to help avoid people getting caught in phishing traps that disguise links in false emails as legitimate links.

Imagine, if you will, a world in which everyone utilized OpenDNS, or simply let Google direct them where to go by omitting the “.com” [1], and relied upon the search results they’re presented with to get to their destination. What if some clever phisher is able to successfully game the system and get a top result (or even the top result) for something like… “Bank of America”?

Now we’ve got legitimate sources (OpenDNS and Google) handing out links people assume are totally trustworthy to a site ranking highly for “Bank of America” that is not in fact a legitimate bank website. Can you imagine the millions of idiots that would blindly type their login credentials into this website, simply because they got to it from Google and it looked like the Bank of America website?

I say we start encouraging users to deliberately take the time to type the full address into the address bar. Stop allowing them to be lazy and utilize search engine results to get to their destination because they don’t want to add the additional 4 characters at the end of the URL.

  1. or other TLD - .net, .org, .whatever
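To check whether the resolver you are using swaps the “server not found” answer for a landing page, as described in the post above, ask it for names that cannot exist and see whether an address comes back. This is an added example, not code from the original post; the function names and the random-label probe scheme are assumptions made for illustration.

```python
import secrets
import socket


def probe_names(count=3, tlds=("com", "net", "org")):
    """Build random 24-hex-character labels; names this long and random
    are assumed to be unregistered, so an honest resolver finds nothing."""
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}" for i in range(count)]


def check_nxdomain_rewriting(resolve=socket.gethostbyname, names=None):
    """Resolve names that should not exist and report any that get an address.

    `resolve` is injectable so the logic can be exercised without a network.
    """
    names = names or probe_names()
    answers = {}
    for name in names:
        try:
            answers[name] = resolve(name)
        except socket.gaierror:
            # Lookup failed: "no such host", or no working network/resolver.
            answers[name] = None
    rewritten = {n: ip for n, ip in answers.items() if ip is not None}
    return {
        # Any address for a nonexistent name means the answer was rewritten.
        "rewriting": bool(rewritten),
        # Rewriting resolvers usually send every miss to the same few hosts.
        "landing_ips": sorted(set(rewritten.values())),
        "answers": answers,
    }


if __name__ == "__main__":
    result = check_nxdomain_rewriting()
    for name, ip in result["answers"].items():
        print(f"{name:40} -> {ip or 'not found (expected)'}")
    if result["rewriting"]:
        print("Resolver rewrites missing domains; landing hosts:",
              ", ".join(result["landing_ips"]))
    else:
        print("Resolver returned an honest 'not found' for every probe.")
```
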

Yahoo! Featured Searches…

I skipped over to Yahoo!’s Preview Site to check out the news on their homepage, and caught this interesting tidbit in the very top corner:

[Image: Yahoo! Featured Search - Katie Holmes]

At least I’m not the only one with Katie Holmes on my mind all the time…

My Search History Trends…

I’ve never really put a lot of thought into how much I search online. I mean, I know it’s a lot, and I don’t know how I’d live without Google these days - but as far as actual numbers go, it never crossed my mind what a ballpark figure would be.

Even though I live most of my life online, and am in front of a computer 12+ hours out of every day, I imagine I’m a tad on the low end of the scale. Still, it was interesting when I noticed the ‘Trends’ section of my Google Search History:

[Image: My Google Search Trends]

You also get a good bit more information about your top search keywords and the like, none of which was particularly of interest to me in my own results. Still, simply having a number of searches I do every month / day / hour is quite interesting, just to prove what an addict I am.

What’s yours like? You still object to letting Google track your search history (as if they didn’t already)?