Forward Slash Led to Massive Google Glitch

It’s become the “forward slash” heard ’round the world.

Bloggers, software designers and tech pundits are talking about what kind of “human error” led Google to label every site in its search results badware for a time on Saturday.

The debate follows the glitch that hit Saturday morning, when, from about 9:30 AM eastern to 10:25 AM eastern, every attempt to navigate to a Web site through Google’s (NASDAQ: GOOG) search engine resulted in security warning indicating that the requested site had been flagged for malware.

Just after 12:00 PM, Marissa Mayer. Google’s vice president, posted a blog update, apologizing for the error and explaining its cause.

“What happened? Very simply, human error,” Mayer wrote. The human error admission came after some back-and-forth with another site that Google works regarding security.

As one of its security checks, Google maintains a list of sites known to contain malware, which it cross-checks against people’s search queries. So when a user is about to navigate to one of the sites on the list, an interstitial warning pops up, advising that the site has been flagged as a security risk.

Google’s engineers update the list periodically, a process that is not entirely automated. So when time came Saturday morning for an update, Google’s engineers accidentally added the URL of ‘/’ to the list of malicious sites. In Google’s system, the forward slash mark automatically expands to include all URLs, which apparently prompted the ubiquitous error.

The interstitial warning that greeted untold millions of Web searchers on Saturday morning directed them to, a nonprofit that Google works with in maintaining its list, for more information.

The crush of traffic to StopBadware’s site overwhelmed its servers, and prompted the group to post its own blog explaining its role in the error.

StopBadware’s Maxim Weinstein took issue with the way Google characterized its relationship with the group.

“Google has posted an update on their official blog that erroneously states that Google gets its list of URLs from us. This is not accurate,” Weinstein wrote on Saturday. “Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google’s search listings.”

An hour later, Google clarified its statement, recasting its characterization of StopBadware as an advisor that helps develop criteria for maintaining the list of malware sites, as well as providing Webmasters with advice for getting their sites removed from the list.

Google did not immediately respond to a request for comment for this report.

News Around the Web