9/6/2011
01:47 PM

Google Maps Listings Marred By False Information

Businesses complain that Google Maps inaccurately lists them as being closed, an attack that reduces customer visits and diminishes online traffic.

Internet observers often extol the wisdom of the crowd, but appear to be less keen to consider the malice of the crowd. Thus, Google, ever optimistic about leveraging free labor to organize online information, has allowed Google users to police map data without adequately planning for the possibility of abuse.

In recent weeks, Google has been getting an earful from businesses listed on Google Maps and Google Places. Many business owners are reporting that their businesses appear to be "permanently closed," the result of presumably deliberate attempts by rivals to scare off customers.

Google Maps place markers, when clicked on, open a pop-up pane that includes a "more" link. One of the options in the "more" link drop-down menu is "Report a problem." And one of several possible problems that can be reported is "Place is permanently closed." Used correctly, this is a public service; used in error or in a deliberate attempt to mislead, it's a public nuisance and economic sabotage.

Google calls the problem "spam." F-Secure security advisor Sean Sullivan calls it "a subtle (and ingenious) 'denial of service' attack."

Google has been accepting such reports without adequate skepticism or safeguards. There's a "Not true" button that appears when a place is designated as closed, but those complaining about the problem suggest that's not enough because the virtual vandalism just continues.

"I have a business on Google Maps that someone keeps marking our business as closed, and we keep getting calls asking if we are going out of business," writes a user identified as "iloveshells" in a Google Places help forum post. "It has been happening for over a week now, and good customers keep re-marking our business as open. I own this listing in my Google Places account. I would love to find a solution to stop this and it would be great if I could get the IP address to the user that is harassing us."

Google did not immediately respond to a request to explain what disciplinary action, if any, it might take when it detects abuse. In general, the company does not provide a user's IP address without a valid court order. But Google says it plans to introduce new tools to prevent abuse.

"About two weeks ago, news in the blogosphere made us aware that abuse--such as 'place closed' spam label--was occurring," wrote Google senior product manager Ethan Russell in a blog post on Monday. "And since then, we've been working on improvements to the system to prevent any malicious or incorrect labeling. These improvements will be implemented in the coming days."

It appears, however, that the problem has been going on for more than two weeks. One post in a series about the problem dates back to June 2010. It concerns a hospital emergency room inaccurately marked closed.
