Unusual behavior leads to security risks
Google's Blogspot domains (Blogger blogs) behave somewhat strangely. The blogspot.com domain looks just fine:
- Visiting http://blogspot.com returns a 301 redirect to http://www.blogger.com;
- Visiting http://www.blogspot.com returns a 302 redirect to http://www.blogger.com. This, in turn, leads to a Google login page (so the user can log in to Blogger);
- Visiting http://blogspot.co.uk returns a 302 redirect to... http://www.google.com. Arguably less useful than blogger.com's redirect, but still an official Google page;
- Visiting http://www.blogspot.co.uk, on the other hand, lands in the blog of a specific user.
What would prevent this "www" page from being modified to mimic Google's login and capture some identifiers?
Ideally, Google would quickly be notified by users about a phishing attack coming from this page and would disable the blog, but until then, several users might have their credentials stolen.
I do not understand why Google treats the .com domain in a different way than every other domain. Has someone in the US complained about it?
No history in the Internet Archive
This behavior seems so uncommon that, when I tried to see the Internet Archive's history on the www.blogspot.co.uk webpage, I noticed that - due to a bug or a deliberate feature - the archived pages for http://www.blogspot.co.uk actually refer to the http://blogspot.co.uk page (that is, Google's homepage)!
In other words, this website's history is hidden from the archive, even though any other Blogger blog is indexed just as expected.
Am I being paranoid, or could this website be used to phish users while looking like a legitimate version of Blogger's homepage? Is there something else protecting Blogspot users from a potential attack?
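The apex/"www" comparison from the list above can be turned into a repeatable check that flags any host variant which does not redirect to an official page. This is an added example, not part of the original post; the `OFFICIAL_HOSTS` allow-list, the function names and the 200 status for the page that "lands in the blog" are assumptions, and `SAMPLE` is constructed from the behaviour the post reports.

```python
import http.client
from urllib.parse import urlsplit

# Assumption: hosts treated as official landing pages, taken from the redirects listed in the post.
OFFICIAL_HOSTS = {"www.blogger.com", "www.google.com"}
REDIRECT_CODES = (301, 302, 303, 307, 308)

def probe(host, timeout=5):
    """Request http://host/ without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def classify(host, status, location, official=OFFICIAL_HOSTS):
    """Label one observation: official-redirect, other-redirect or serves-content."""
    if status in REDIRECT_CODES and location:
        # A relative Location stays on the same host.
        target = (urlsplit(location).hostname or host).lower()
        return "official-redirect" if target in official else "other-redirect"
    return "serves-content"

def audit(observations, official=OFFICIAL_HOSTS):
    """Return, sorted, the hosts that do not redirect to an official page."""
    return sorted(host for host, (status, location) in observations.items()
                  if classify(host, status, location, official) != "official-redirect")

# Constructed sample mirroring the four behaviours reported in the post.
SAMPLE = {
    "blogspot.com": (301, "http://www.blogger.com"),
    "www.blogspot.com": (302, "http://www.blogger.com"),
    "blogspot.co.uk": (302, "http://www.google.com"),
    "www.blogspot.co.uk": (200, None),  # assumed status: serves a user's blog directly
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check live behaviour instead of the sample, build the dictionary with `{h: probe(h) for h in hosts}` and pass it to `audit`.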