Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Businesses The Internet Security

Google Blocks Porn In Base, Patches Appliance 122

An anonymous reader writes "The search giant has moved to fix a problem in Google Base which didn't properly block pornographic material in their search results. According to Google, the filter was broken for 'some period of time' but the company didn't elaborate. Nathan Weinberg could have been one of the first to report the incident on his blog, Inside Google, writing: 'Holy crap, there is a lot of porn at Google Base! Looks like, just like Google Images, Google Base could become a huge source of porn, and eventually a place where porn will be sold. I even noticed some movie reviews.'" They've also recently corrected a problem with their search appliance. geo_2677 wrote to mention a Securityfocus.com article discussing the rapid patching of the Google search boxes in response to a vulnerability.
This discussion has been archived. No new comments can be posted.

Google Blocks Porn In Base, Patches Appliance

Comments Filter:
  • by LostCluster ( 625375 ) * on Thursday November 24, 2005 @10:27AM (#14107593)
    Google may have quickly released the patch once they were notified like a good company should, but TFA reveals that the patching is far from complete:

    A small sample of 43 appliances taken this week showed that 23 remained vulnerable, 8 were patched, and the status of 12 could not be determined. If this sample is representative of all deployed Google Search Appliances, more than half may still be vulnerable.

    A patch that hasn't made it to half of the vulnerable devices? We've got a problem here. Google should have made it clear to the owners of the Search Appliance that there's a patch to install. (Fault the media while we're at it... this is the first /. mention of any patch for the Google Search Appliance.)

    You'd think Google would have built in an auto-updater, but clearly not with this low of a response rate.
    • by Threni ( 635302 ) on Thursday November 24, 2005 @11:06AM (#14107761)
      > Fault the media while we're at it... this is the first /. mention of any patch for the Google
      > Search Appliance.)

      I'm Sorry? "The media" exists to make money, and I'm not sure if you're reading the business press lately but they've been doing just fine.

      If a company is relying upon another company then it's between those companies to sort out any practical problems. The media has correctly decided that the general public couldn't give a toss about whether there's a new version of software for some piece of kit or other.

      You obviously believe that the media exists to protect the public...
    • by Anonymous Coward
      How do you know that Google didn't notify the owners that there was a patch to install? I'm sure they have some sort of mailing list and the like for them. Considering that all of their desktop software has auto-update capabilities or notifications, I doubt they would forget to include that feature on a system that people actually pay for.

      The IT folks or whoever is in charge just may not have gotten around to it, don't think the risk is there, or whatever. It's the same thing as when there's a recall tha
    • by artifex2004 ( 766107 ) on Thursday November 24, 2005 @11:24AM (#14107832) Journal
      You'd think Google would have built in an auto-updater, but clearly not with this low of a response rate.


      Regarding the sample boxes they couldn't determine the status for, they may be firewalled by companies who don't want to risk unforseen vulnerabilities. Regarding the ones that are accessible but not patched, is it possible the owners are also blocking updates? If you have a dedicated search appliance in a situation where you can't really afford it going down for an unknown period of time, would you risk patching until you'd heard from others that the patch didn't introduce any new instabilities? Especially since it's a black (or blue) box, so a hard crash might mean having to send it back?

      Win2000 and WinXP have autoupdaters, also. Many of them are not completely patched, either. The users have either never enabled, or disabled, that feature. The administrative interface on Google appliances could allow that level of control, also.
      • by Anonymous Coward
        "black (or blue) box, so a hard crash might mean having to send it back?"

        That depends on the design.*

        One can have either a roll-back, or switch-over to a known configuration.

        Two one can have a remote-login from Google HQ to fix whatever's needed.

        The only reason to send something back is if the hardware is physically broken.

        *Remember these basically are custom computers. Not DELL generic, stick any handy OS on, cross your fingers and pray, computers you put together from left-over parts.
  • new button (Score:5, Funny)

    by glaswegian ( 803339 ) on Thursday November 24, 2005 @10:32AM (#14107614)
    Looks like they may need to add a new button to their site : "I'm feeling horny"
  • argh ... (Score:3, Funny)

    by Anonymous Coward on Thursday November 24, 2005 @10:32AM (#14107617)
    must ... resist ... obvious ... zero ... wing ... pun

    can't ... speak ... at ... normal ... rate
  • Pr0n... (Score:3, Funny)

    by Electr!c_B4rd_Qu!nn ( 933533 ) <bobbyboy_70@nOspAm.hotmail.com> on Thursday November 24, 2005 @10:37AM (#14107640) Journal
    Hate to say it, but pr0n did help Al Gore's internet get off the ground. I wonder if Bill put him up to it.....
    • I know that was meant to be funny, but...

      The "information superhighway" internet that Al Gore pushed for ARPANET to be turned into would have connected schools and libraries only, and contained only educational materials. It would still have been controlled, and tightly regulated, by the government. The true, private sector internet that we have today simply wouldn't have existed. That's a very different world. We have a much better internet than Al Gore wanted. Personally, I'm glad that today we have a v

  • Are Belong to PRON *s

    --
    No, really.
  • I'm a little concerned that Al Qaida is known as "The Base" in English.

    This isn't some Google search tool to find Bin Laden is it? I've not used Base before, what does it do?
  • by Idaho ( 12907 ) on Thursday November 24, 2005 @10:42AM (#14107664)
    I'd swear there is no spyware on this machine, but I just got a popover advert when I opened this topic. It was right on top of the comments section. Strangely enough, it disappeared automatically after a few seconds (it had an area that looked like a close button which I did not click, shocked as I was to see something like this happening on slashdot. Obviously, you can never be sure what will actually happen when you click such a close button anyway...).

    I think it was some kind of DHTML thing - anyone else got this as well?
  • by putko ( 753330 ) on Thursday November 24, 2005 @10:48AM (#14107684) Homepage Journal
    Google's selling of the box may open them up to problems they wouldn't otherwise have.

    E.g. supposedly the appliance is derived from their main codebase. So if you get a box and figure out some exploits, perhaps you've figured out how to exploit the thousands of machines that Google uses to crawl.

    It is a bit like Cisco fiasco recently: they give a smart guy a box, he can find some problems (and get in trouble at Black Hat) -- but if he finds flaws he can exploit thousands of boxes out there.

    On the other hand, if Cisco didn't give you your own box to poke and prod, you might never discover the flaws in the boxes out there in the universe (before getting caught) -- it would just take too long, esp. if the bug was timing dependent. Same for Google -- the selling of the appliance, for what little money it brings in, reveals info to bad guys. A risk-averse shop might forgo that income completely.
    • It is a bit like Cisco fiasco recently: they give a smart guy a box, he can find some problems (and get in trouble at Black Hat) -- but if he finds flaws he can exploit thousands of boxes out there.

      On the surface this sounds right, but be careful.

      You basically just stated that closed source is more secure than open source in this instance and I think the *nix crowd may eat you for Thanksgiving Day dinner with that attitude. Closing the source and hiding your insecure code is not the way to secure a
      • The only useful exploits against Googlebot (what Google crawls with), would be finding ways to exploit its ranking mechanisms to cause your results to rank higher. The problem is, there won't be a perfect disclosable way to rank pages. The reason the algorithm works as well as it does, is because people on the outside don't know precisely what it uses to score pages. There are tons of whitepapers, speculation via patents, et al. None of these can come as close to pegging its methodology as if we could just
  • NOT blocked! (Score:5, Insightful)

    by TrumpetPower! ( 190615 ) <ben@trumpetpower.com> on Thursday November 24, 2005 @10:51AM (#14107699) Homepage

    You can still get all the pr0n you want. The problem was that SafeSearch was including pr0n in the results. Some dad uploaded pictures of his two-year-old daughter to share with family. But, when he searched for those pictures, he found a hell of a lot more than he was looking for.

    Considering the society we live in, SafeSearch is a good default--after all, you wouldn't want something that could easily get you fired popping up on your monitor just for doing an innocent search. It's also good of Google to offer the simple ability to tell them not to be your nanny.

    Cheers,

    b&

    • Some dad uploaded pictures of his two-year-old daughter to share with family. But, when he searched for those pictures, he found a hell of a lot more than he was looking for.

      Blame Google when he searches for Jasmine! [com.com]
    • It's also good of Google to offer the simple ability to tell them not to be your nanny.

      Compared to Googles' image search it's not quite as simple for the cookie-blockers amongst us. Instead of allowing a single cookie at a precise address 'images.google.com.au' (in my case), using Google Base without the filter requires you to allow 'google.com' and all the cookies that entails.

      I am aware that I'm somewhat of a paranoid freak.

    • It's more than that.

      Got onto base.google.porn

      Type 'porn'.

      Oggle.

      I an *not* logged into google, so safe search is presumably on.
    • What society are you referring to? It would be hard work for a company to fire me for accidentally viewing porn in the society I live in - New Zealand.
  • by roman_mir ( 125474 ) on Thursday November 24, 2005 @10:52AM (#14107703) Homepage Journal
    That wasn't a bug! It was a feature. The best one!
  • Is there a site... (Score:5, Interesting)

    by SharpFang ( 651121 ) on Thursday November 24, 2005 @10:52AM (#14107704) Homepage Journal
    ...that uses Google Images API with the SafeSearch in "reverse" mode, that is performs search twice, with SS on and off, and displays only images that would are filtered off by SS?
  • by SolitaryMan ( 538416 ) on Thursday November 24, 2005 @10:59AM (#14107727) Homepage Journal
    Number of requests to Google Base vastly dropped.
  • by Snamh Da Ean ( 916391 ) on Thursday November 24, 2005 @10:59AM (#14107728)
    Researchers find that a huge well designed freely accessible online database is used to store pr0n.

    In other news, scientists announce that snow is cold, and that bears defecate in the wooded environments.
  • by loconet ( 415875 ) on Thursday November 24, 2005 @11:03AM (#14107747) Homepage
    Google Blocks Porn ... so much for for Do no evil.

  • Of course. (Score:4, Funny)

    by nathan s ( 719490 ) on Thursday November 24, 2005 @11:20AM (#14107812) Homepage
    Point it out AFTER it's fixed. Thanks, guys! :-P
  • by Riktov ( 632 ) on Thursday November 24, 2005 @11:25AM (#14107835) Journal
    From TFA:

    "Todd Ripley, a real estate investor in Asheville, North Carolina, noticed the problem on Tuesday morning after he uploaded photos of his 2-year-old daughter Jasmine onto his Google Base page. He planned to direct his family to the page but decided against it after a search for "Jasmine" turned up some unsavoury results despite the use of the SafeSearch filter."

    If he'd just named his daughter Phyllis, or Martha, or Gertrude...

    And why did he need to search for "Jasmine" to tell his family where to find photos? Couldn't he just use a URL? And did he think that there was any chance that a search for "Jasmine" would actually find his daughter's photos from the mounds of other info out there???
    • If he'd just named his daughter Phyllis
      Google search would return pictures of genital warts.
    • Maybe he just wanted to see how high in the rankings it was?
    • I just turned off all filtering and searched for Jasmine. His images were on page 3[1], but none of the other results looked pornographic (I only checked up until page 5).

      [1] Probably more amusing in the UK, where cheap tabloids traditionally put a nude model on page 3.

    • He was posting pictures of his kid when he came across this pr0n...at least, that's what he told his wife when she walked in the room...
    • For a technologically unsophisticated user the Google "I'm feeling lucky" button *IS* the URL. Heck, I practically grew up with the Internet (cost my family a $100 Compuserve bill back in middle school and haven't looked back since) and I use Google as a substitute location bar myself -- why bookmark or remember the obscure URL for the best Japanese dictionary ever when "Jim Breen" tab tab enter gets me unfailingly to the right page?

      A year ago I made my mother and father's start page Google. Now, inst

  • by __aaijsn7246 ( 86192 ) on Thursday November 24, 2005 @11:45AM (#14107931)
    Seems that more and more security researchers are turning their attention to Google these days. There has been a spate of recent bugs published to the usual mailing lists in past weeks.

    Title: Google Talk Denial of Service - BenjiBug [securityfocus.com]
    Google Talk's automatic update mechanism (which can't be turned off) checks to see if the downloaded file matches a signature, but it doesn't check the size of the file. So it can be forced to compute a hash of a 1 gig file, crashing the machine.

    Killer Empty Sender Message [securityfocus.com]
    echo kill | nail -s Kill -r "" victim (at) gmail (dot) com [email concealed]
    crashes Google Talk

    Google Talk cleartext proxy credentials vulnerability [securityfocus.com]
    Google Talk stores the GMail login details securely, but not the proxy authentication credentials

    Not to mention the GMail bug discussed on /. recently

    Ah, the perpetual beta..
  • ...literally.
  • Thats a shame. Where are the kids supposed to learn about these things?
  • The porn sites should be fortunate enough that they can be found through regular Google Search. If anything, Google needs to crack down on the bogus porn and spam sites that add keywords to their meta tags and webpages to sneek in search results. These doctored results are starting to effect the performance and accuracy of the Google Search.
  • I thought Base's set of rules indicated that one cannot post only ILLEGAL or non-consexual pr0n as I have mentioned here [slashdot.org].
    • sure... but they still provide a filter to filter out the legal porn for those who'd rather not have it show up in their searches.
  • Holy crap, there is a lot of porn at Google Base! Looks like, just like Google Images, Google Base could become a huge source of porn, and eventually a place where porn will be sold.

    What? no link?

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...