Google Blocks Porn In Base, Patches Appliance

An anonymous reader writes "The search giant has moved to fix a problem in Google Base which didn't properly block pornographic material in their search results. According to Google, the filter was broken for 'some period of time' but the company didn't elaborate. Nathan Weinberg could have been one of the first to report the incident on his blog, Inside Google, writing: 'Holy crap, there is a lot of porn at Google Base! Looks like, just like Google Images, Google Base could become a huge source of porn, and eventually a place where porn will be sold. I even noticed some movie reviews.'" They've also recently corrected a problem with their search appliance. geo_2677 wrote to mention a Securityfocus.com article discussing the rapid patching of the Google search boxes in response to a vulnerability.

"Rapid patching" gone horribly wrong

[LostCluster]

Google may have quickly released the patch once they were notified like a good company should, but TFA reveals that the patching is far from complete:

A small sample of 43 appliances taken this week showed that 23 remained vulnerable, 8 were patched, and the status of 12 could not be determined. If this sample is representative of all deployed Google Search Appliances, more than half may still be vulnerable.

A patch that hasn't made it to half of the vulnerable devices? We've got a problem here. Google should have made it clear to the owners of the Search Appliance that there's a patch to install. (Fault the media while we're at it... this is the first /. mention of any patch for the Google Search Appliance.)

You'd think Google would have built in an auto-updater, but clearly not with this low of a response rate.

Re:"Rapid patching" gone horribly wrong

[Threni]

> Fault the media while we're at it... this is the first /. mention of any patch for the Google
> Search Appliance.)

I'm Sorry? "The media" exists to make money, and I'm not sure if you're reading the business press lately but they've been doing just fine.

If a company is relying upon another company then it's between those companies to sort out any practical problems. The media has correctly decided that the general public couldn't give a toss about whether there's a new version of software for some piece of kit or other.

You obviously believe that the media exists to protect the public...

[offtopic] What the ..... popover ads on Slashdot?

[Idaho]

I'd swear there is no spyware on this machine, but I just got a popover advert when I opened this topic. It was right on top of the comments section. Strangely enough, it disappeared automatically after a few seconds (it had an area that looked like a close button which I did not click, shocked as I was to see something like this happening on slashdot. Obviously, you can never be sure what will actually happen when you click such a close button anyway...).

I think it was some kind of DHTML thing - anyone else got this as well?

Rooting the Applicance

[putko]

Google's selling of the box may open them up to problems they wouldn't otherwise have.

E.g. supposedly the appliance is derived from their main codebase. So if you get a box and figure out some exploits, perhaps you've figured out how to exploit the thousands of machines that Google uses to crawl.

It is a bit like Cisco fiasco recently: they give a smart guy a box, he can find some problems (and get in trouble at Black Hat) -- but if he finds flaws he can exploit thousands of boxes out there.

On the other hand, if Cisco didn't give you your own box to poke and prod, you might never discover the flaws in the boxes out there in the universe (before getting caught) -- it would just take too long, esp. if the bug was timing dependent. Same for Google -- the selling of the appliance, for what little money it brings in, reveals info to bad guys. A risk-averse shop might forgo that income completely.

Is there a site...

[SharpFang]

...that uses Google Images API with the SafeSearch in "reverse" mode, that is performs search twice, with SS on and off, and displays only images that would are filtered off by SS?

Re:Is there a site...

[Von+Helmet]

This search page will search for unsafe pages using that method, though I have yet to find^H^H^H^H hear of one that will do the same for images.

Re:[offtopic] What the ..... popover ads on Slashd

[clifyt]

I get the same...and I'm on a Mac using firefox -- so I highly doubt if its adware.

I saw this first last week asking me to take an OSTG survey at work -- and I thought I had my pop-up blocker off. Nope. And my flash block was off as well -- so it couldn't be that hole either. I wasn't too upset because I thought it was specifically for /. and its parent company...and then a few days later, the same thing with a non OSTG advertisement.

Slashdot it going downhill and thats sad (then again, I know people on my site are complaining that I've had to monotize it to keep it running...but popups / popunders and annoying DHTML are something no reputable site should ever use). If this is the future of this site, Digg and others will get my reading (and I'll make certain to never buy another overpriced gizmo or tshirt from Thinkgeek).

Re:[offtopic] What the ..... popover ads on Slashd

[chez69]

use adblock or squid to block the following items:

*images.slashdot.org/*.js
*images-aud.slashdot.org*
*an.tacoda.net*
*falkag*

lots of funcky js gets loaded by slash by default. I block all this shit and slashdot loads twice as fast.