BECOME AN EGGHEAD. SUBSCRIBE TO OUR RSS FEED OR FOLLOW US ON TWITTER! Learn to be as nerdy as we are by never missing our latest blog entries. Receive great tips, tricks, and ideas on improving your web site every day! Subscribe via our RSS Feed, follow us, or use the chicklets in the sidebar for more options.

X

I said awhile back in my post, Google Violates Computer Science that people have too much faith in Google.  I said that even light obfuscation of Javascript redirect code, such as rot13ing the offending code would likely trick even the formidable Google.  I may have changed my mind.  This stuff may work near-term, but I have my doubts as to the future.

Interestingly enough, Microsoft is experimenting with a new technique whereby they target certain areas known to be spam "paradises," and use actual redirection as an indication of spam.  The project is called Strider Search Defender.  To implement this, they actually use a real web browser, presumably theirs; and then they commission it to render and execute pages in that realm.  In this way, my suggestion to obscure a JavaScript redirect by rot13ing the code would surely fail miserably.

The obvious problem I see with this is scalability — the reason I rejected approaches like this from the outset.  The problem, jokes about exploiting their browser on the way aside, is that it's an enormous amount of computing time to do this on a large scale. 

But I actually like the suggestion that I noted from Black_Knight in my aforementioned post.  He suggested that the same effect could be attained by mining data from the requests by the Google toolbar.  That's why I like what Black_Knight said more.  It leverages (free) computing-time of the toolbar-users as a side-effect of being useful to them.  Maybe prototyping this is what Microsoft is really after.

So anyone wanna place bets whether Strider gets exploited daily ?