David Airey: We’ve had our ups and downs, haven’t we, Google?
Google: We have, David.
David Airey: Do you remember that time I tried to trick my way to the top of your search results?
Google: Oh yes. I taught you a thing or two by slapping that search rank penalty on your domain.
David Airey: You did. Who’d have thought a simple prize giveaway would’ve created so much hassle?
Google: Don’t forget about those paid links. Not a good idea to go against my terms of service.
David Airey: Ah, of course. It was an experience, although I might still be in trouble if it wasn’t for those who offered their help. Hamlet Batista in particular was one of the good guys.
Google: Fair play for reversing the penalty so fast. Even the big John Chow still hasn’t managed it, but me and him haven’t seen eye-to-eye for some time. I don’t think he likes me very much.
David Airey: You can’t please everyone. Blogging has taught me that more than most things. At least being back in your good books is helping attract some new clients. A shout out to Matt Cutts for understanding my predicament.
Google: Matt’s a goodun’. What do you think of his blog design?
David Airey: Customising his design would further set him apart from other blogs, but it’s what he has to say that people subscribe for.
Google: Some good news for you. I’ve added sitelinks to your website, so when someone searches me for David Airey, there’s extra navigation below your name.
David Airey: Oh, nice. My buddy, Shaun, got those recently for his Scottish SEO company. That’s great news, but how do you decide who gets them?
Google: There are several factors involved, so they’re not on all sites. You’ve been working on your content consistently for around 18 months now, and have received a lot of backlinks, so I thought it was about time. If you’re not happy with the links appearing, go to your Webmaster Tools panel and give me some feedback on your Google sitelinks.
David Airey: Why would I not be happy?
Google: You might want to block specific sitelinks from appearing if the content highlighted is out-of-date, or if there’s certain information you don’t want to publicize.
David Airey: That’s good to know, thanks. On another topic, did you ever draw your own conclusions as to how my GMail account was hacked?
Google: The attack you described (XSRF GMail filter rule insertion) has been very worrisome, especially the risk of it being exploited in a systematic fashion. I closed that particular loophole several months before your incident took place, and have yet to find any sign of an exploit based on it.
David Airey: Wasn’t what happened to me a sign of an XSRF exploit?
Google: One of my engineers in the security team did a careful analysis of my logs from a security perspective, and an extended follow-up on the attacker network. As a result, I can state with authority that you were not a victim of an XSRF attack. On a side note, I can assure you that the attacker has not had any successful interaction with your GMail account since December 17th, when you changed the password, secondary email, and security question.
David Airey: At least it’s good to know my account hasn’t been accessed by anyone since the password change. Did you ever think to inform GMail users about the security exploit? There could still be some people with unknown filters applied to their accounts.
Google: Communications can be a tricky thing. I investigated this option both when the original filter insertion bug was fixed, and after the investigation into your incident. Ultimately, PR chose not to pursue this. At the same time, I’ve carefully examined filter creation patterns, and could not find any trace of systematic XSRF filter insertion attacks.
David Airey: I think it would be better to keep users informed of such ‘loopholes’, but what do I know about multi-national public relations?
Regardless, thanks for taking the time out for a chat. It’s much appreciated.
Disclaimer: Google isn’t really a person I had a chat with. Some of the information above was taken from an email conversation with a Google employee. The rest was written from a personal perspective.