9/6/2011
01:47 PM

Google Maps Listings Marred By False Information

Businesses complain that Google Maps inaccurately lists them as being closed, an attack that reduces customer visits and diminishes online traffic.

Internet observers often extol the wisdom of the crowd, but appear to be less keen to consider the malice of the crowd. Thus, Google, ever optimistic about leveraging free labor to organize online information, has allowed Google users to police map data without adequately planning for the possibility of abuse.

In recent weeks, Google has been getting an earful from businesses listed on Google Maps and Google Places. Many business owners are reporting that their businesses appear to be "permanently closed," the result of presumably deliberate attempts by rivals to scare off customers.

Google Maps place markers, when clicked on, open a pop-up pane that includes a "more" link. One of the options in the "more" link drop-down menu is "Report a problem." And one of several possible problems that can be reported is "Place is permanently closed." Used correctly, this is a public service; used in error or in a deliberate attempt to mislead, it's a public nuisance and economic sabotage.

Google calls the problem "spam." F-Secure security advisor Sean Sullivan calls it "a subtle (and ingenious) 'denial of service' attack."

Google has been accepting such reports without adequate skepticism or safeguards. There's a "Not true" button that appears when a place is designated as closed, but those complaining about the problem suggest that's not enough because the virtual vandalism just continues.

"I have a business on Google Maps that someone keeps marking our business as closed, and we keep getting calls asking if we are going out of business," writes a user identified as "iloveshells" in a Google Places help forum post. "It has been happening for over a week now, and good customers keep re-marking our business as open. I own this listing in my Google Places account. I would love to find a solution to stop this and it would be great if I could get the IP address to the user that is harassing us."

Google did not immediately respond to a request to explain what disciplinary action, if any, it might take when it detects abuse. In general, the company does not provide a user's IP address without a valid court order. But Google says it plans to introduce new tools to prevent abuse.

"About two weeks ago, news in the blogosphere made us aware that abuse--such as 'place closed' spam label--was occurring," wrote Google senior product manager Ethan Russell in a blog post on Monday. "And since then, we've been working on improvements to the system to prevent any malicious or incorrect labeling. These improvements will be implemented in the coming days."

It appears, however, that the problem has been going on for more than two weeks. One post in a series about the problem dates back to June 2010. It concerns a hospital emergency room inaccurately marked closed.
