Google Blocks Porn In Base, Patches Appliance
An anonymous reader writes "The search giant has moved to fix a problem in Google Base which didn't properly block pornographic material in their search results. According to Google, the filter was broken for 'some period of time' but the company didn't elaborate. Nathan Weinberg could have been one of the first to report the incident on his blog, Inside Google, writing: 'Holy crap, there is a lot of porn at Google Base! Looks like, just like Google Images, Google Base could become a huge source of porn, and eventually a place where porn will be sold. I even noticed some movie reviews.'" They've also recently corrected a problem with their search appliance. geo_2677 wrote to mention a Securityfocus.com article discussing the rapid patching of the Google search boxes in response to a vulnerability.
Google may have quickly released the patch once they were notified like a good company should, but TFA reveals that the patching is far from complete:
A small sample of 43 appliances taken this week showed that 23 remained vulnerable, 8 were patched, and the status of 12 could not be determined. If this sample is representative of all deployed Google Search Appliances, more than half may still be vulnerable.
A patch that hasn't made it to half of the vulnerable devices? We've got a problem here. Google should have made it clear to the owners of the Search Appliance that there's a patch to install. (Fault the media while we're at it... this is the first /. mention of any patch for the Google Search Appliance.)
You'd think Google would have built in an auto-updater, but clearly not with this low of a response rate.
Looks like they may need to add a new button to their site : "I'm feeling horny"
must ... resist ... obvious ... zero ... wing ... pun
... speak ... at ... normal ... rate
can't
Because this is on the company level. GOOGLE is doing this - not the feds.
Show this to your friends and family that don't know what a real hacker is
Hate to say it, but pr0n did help Al Gore's internet get off the ground. I wonder if Bill put him up to it.....
" i r 1337. j00 a l0z3r "
That talk kinda makes you cry, doesn't it?
That's right..cry those nerdly tears
I'm a little concerned that Al Qaida is known as "The Base" in English.
This isn't some Google search tool to find Bin Laden is it? I've not used Base before, what does it do?
Saskboy's blog is good. 9 out of 10 dentists agree.
I'd swear there is no spyware on this machine, but I just got a popover advert when I opened this topic. It was right on top of the comments section. Strangely enough, it disappeared automatically after a few seconds (it had an area that looked like a close button which I did not click, shocked as I was to see something like this happening on slashdot. Obviously, you can never be sure what will actually happen when you click such a close button anyway...).
I think it was some kind of DHTML thing - anyone else got this as well?
Every expression is true, for a given value of 'true'
Google's selling of the box may open them up to problems they wouldn't otherwise have.
E.g. supposedly the appliance is derived from their main codebase. So if you get a box and figure out some exploits, perhaps you've figured out how to exploit the thousands of machines that Google uses to crawl.
It is a bit like the Cisco fiasco recently: they give a smart guy a box, he can find some problems (and get in trouble at Black Hat) -- but if he finds flaws he can exploit thousands of boxes out there.
On the other hand, if Cisco didn't give you your own box to poke and prod, you might never discover the flaws in the boxes out there in the universe (before getting caught) -- it would just take too long, esp. if the bug was timing dependent. Same for Google -- the selling of the appliance, for what little money it brings in, reveals info to bad guys. A risk-averse shop might forgo that income completely.
http://www.thebricktestament.com/the_law/when_to_
You can still get all the pr0n you want. The problem was that SafeSearch was including pr0n in the results. Some dad uploaded pictures of his two-year-old daughter to share with family. But, when he searched for those pictures, he found a hell of a lot more than he was looking for.
Considering the society we live in, SafeSearch is a good default--after all, you wouldn't want something that could easily get you fired popping up on your monitor just for doing an innocent search. It's also good of Google to offer the simple ability to tell them not to be your nanny.
Cheers,
b&
All but God can prove this sentence true.
That wasn't a bug! It was a feature. The best one!
You can't handle the truth.
...that uses Google Images API with the SafeSearch in "reverse" mode, that is, performs the search twice, with SS on and off, and displays only images that are filtered off by SS?
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
I get the same...and I'm on a Mac using firefox -- so I highly doubt if it's adware.
I saw this first last week asking me to take an OSTG survey at work -- and I thought I had my pop-up blocker off. Nope. And my flash block was off as well -- so it couldn't be that hole either. I wasn't too upset because I thought it was specifically for /. and its parent company...and then a few days later, the same thing with a non OSTG advertisement.
Slashdot is going downhill and that's sad (then again, I know people on my site are complaining that I've had to monetize it to keep it running...but popups / popunders and annoying DHTML are something no reputable site should ever use). If this is the future of this site, Digg and others will get my reading (and I'll make certain to never buy another overpriced gizmo or tshirt from Thinkgeek).
Sure. You are free to use a different company. Using a different government is not always possible.
Number of requests to Google Base vastly dropped.
May Peace Prevail On Earth
Researchers find that a huge well designed freely accessible online database is used to store pr0n.
In other news, scientists announce that snow is cold, and that bears defecate in the wooded environments.
use adblock or squid to block the following items:
*images.slashdot.org/*.js
*images-aud.slashdot.org*
*an.tacoda.net*
*falkag*
lots of funky js gets loaded by slash by default. I block all this shit and slashdot loads twice as fast.
PHP is the solution of choice for relaying mysql errors to web users.
Google Blocks Porn ... so much for Do no evil.
[alk]
This is a corporate entity that isn't a monopoly, so it's well within their rights to do this.
Once you talk about government censoring free speech (it's debatable if porn falls under that category in the first place) then we have an issue to discuss.
However, even with your example, China is a sovereign country. It has a right to declare a type of questionable speech illegal if they wish, as long as it doesn't deprive people of basic human rights in the process.
---- Booth was a patriot ----
Point it out AFTER it's fixed. Thanks, guys! :-P
picpix image polls. create - share - vote. fun!
Regarding the sample boxes they couldn't determine the status for, they may be firewalled by companies who don't want to risk unforeseen vulnerabilities. Regarding the ones that are accessible but not patched, is it possible the owners are also blocking updates? If you have a dedicated search appliance in a situation where you can't really afford it going down for an unknown period of time, would you risk patching until you'd heard from others that the patch didn't introduce any new instabilities? Especially since it's a black (or blue) box, so a hard crash might mean having to send it back?
Win2000 and WinXP have autoupdaters, also. Many of them are not completely patched, either. The users have either never enabled, or disabled, that feature. The administrative interface on Google appliances could allow that level of control, also.
From TFA:
"Todd Ripley, a real estate investor in Asheville, North Carolina, noticed the problem on Tuesday morning after he uploaded photos of his 2-year-old daughter Jasmine onto his Google Base page. He planned to direct his family to the page but decided against it after a search for "Jasmine" turned up some unsavoury results despite the use of the SafeSearch filter."
If he'd just named his daughter Phyllis, or Martha, or Gertrude...
And why did he need to search for "Jasmine" to tell his family where to find photos? Couldn't he just use a URL? And did he think that there was any chance that a search for "Jasmine" would actually find his daughter's photos from the mounds of other info out there???
Seems that more and more security researchers are turning their attention to Google these days. There has been a spate of recent bugs published to the usual mailing lists in past weeks.
Title: Google Talk Denial of Service - BenjiBug
Google Talk's automatic update mechanism (which can't be turned off) checks to see if the downloaded file matches a signature, but it doesn't check the size of the file. So it can be forced to compute a hash of a 1 gig file, crashing the machine.
Killer Empty Sender Message
echo kill | nail -s Kill -r "" victim (at) gmail (dot) com
crashes Google Talk
Google Talk cleartext proxy credentials vulnerability
Google Talk stores the GMail login details securely, but not the proxy authentication credentials
Not to mention the GMail bug discussed on /. recently
Ah, the perpetual beta..
Man, at times like this I wish there was an "+1 Awesome" moderation option ;).
"May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."