Short summary: Google maintains a list of “malicious URL’s”. This list is used both to offer warnings on the search results and to warn users in third-party applications (like Firefox 3) via the Google Safe Browsing API. The format of the blacklist is such that arbitrary subelements of the URL can be used. This is done because it is often the case that one domain only hosts malicious pages, so it makes sense to blacklist the entire domain. Because of human error the URL “/” ended up on the blacklist. This effectively matches all the URL’s, which resulted in two things:
- Google declaring all sites potentially harmful
- Firefox3 declaring all the sites “potentially harmful” and showing the “red curtain” for them
In conclusion: even though my Belgian friend thinks otherwise, Google broke the Internet for a short time. Good things it’s over.