2014-03-18

Could a weird Blogspot URL behavior lead to phishing?

Unusual behavior leads to security risks

Google's Blogspot domains (Blogger blogs) behave somewhat strangely.

The blogspot.com domain looks just fine:
However, every other domain than .com (such as blogspot.co.uk, blogspot.ru, etc.) behaves in a less intuitive way:
  • Visiting http://blogspot.co.uk returns a 302 redirect to... http://www.google.com. Arguably less useful than blogger.com's redirect, but still an official Google page;
  • Visiting http://www.blogspot.co.uk, on the other hand, lands on the blog of a specific user.
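
As an added example (not the post's or Google's code), a small Python audit that follows each redirect hop by hand and flags a domain whose apex ends on an official site while its www variant serves other content; the OFFICIAL list and the blogspot.com rows in SAMPLE are assumptions, and fetch_hop is only used for a live probe.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Destinations treated as operator-controlled (assumption for this example).
OFFICIAL = ("google.com", "blogger.com")
MAX_HOPS = 5

def is_official(url):
    host = urlsplit(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)
class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # refuse to follow, so the 3xx surfaces as an HTTPError
def fetch_hop(url):
    """Live probe: (status, Location) for one hop, without following it."""
    try:
        with urllib.request.build_opener(NoRedirect).open(url, timeout=10) as r:
            return r.status, None
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def final_url(url, hop=fetch_hop):
    """Follow redirects one hop at a time; stop on a loop or at MAX_HOPS."""
    seen = []
    while url not in seen and len(seen) < MAX_HOPS:
        seen.append(url)
        status, location = hop(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return url
        url = urljoin(url, location)  # Location may be relative
    return url  # loop or hop cap: report where we stopped

def audit(domain, hop=fetch_hop):
    """'mismatch' when the apex ends on an official site but www does not."""
    apex = final_url(f"http://{domain}", hop)
    www = final_url(f"http://www.{domain}", hop)
    bad = is_official(apex) and not is_official(www)
    return ("mismatch" if bad else "consistent"), apex, www

# Constructed stand-in for live hops; .co.uk rows mirror the post, .com rows are assumed.
SAMPLE = {
    "http://blogspot.co.uk": (302, "http://www.google.com"),
    "http://www.blogspot.co.uk": (200, None),  # a user's blog is served here
    "http://blogspot.com": (301, "https://www.blogger.com/"),
    "http://www.blogspot.com": (301, "https://www.blogger.com/"),
}

def sample_hop(url):
    return SAMPLE.get(url, (404, None))
```

Passing `sample_hop` to `audit` runs the check offline; leaving the default runs it against the live hosts.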

What would prevent this "www" page from being modified to mimic Google's login and capture some identifiers?

Ideally, Google would quickly be notified by users about a phishing attack coming from this page and would disable the blog, but until then, several users might have their credentials stolen.

I do not understand why Google treats the .com domain in a different way than every other domain. Has someone in the US complained about it?

No history in the Internet Archive

This behavior seems so uncommon that, when I tried to look up the Internet Archive's history of the www.blogspot.co.uk webpage, I noticed that, whether due to a bug or a deliberate feature, the archived pages for http://www.blogspot.co.uk actually refer to the http://blogspot.co.uk page (that is, Google's homepage)!

In other words, this website's history is hidden from the archive, even though any other Blogger blog is indexed just as expected.

Am I being paranoid, or could this website be used to phish users while looking like a legitimate version of Blogger's homepage? Is there something else protecting Blogspot users from a potential attack?