


11.22.05


Google Mini Needed Big Security Patch

By David Utter


The search appliance that has been part of a recent Google hardware promotion contained a "highly critical" flaw leading to the presence of several exploitable bugs.

Unpatched versions of the Google Mini posed a risk of being subjected to cross-site scripting (XSS), file discovery, service enumeration, and arbitrary command execution, Metasploit reported.


Google addressed the problem by providing a fix directly to clients that had purchased the Google Mini. The search appliance sells for $3,000, but recently has been offered as a free extra to purchasers of Google's high-end enterprise search appliances.

Researcher H D Moore at Metasploit provided some notes on the company's web site detailing some of their work with Google on the flaw:

The Google security team responded immediately to our report and were generally very helpful throughout the disclosure process. After a fix was developed, they offered to send us a Mini to verify that all issues had been addressed. Prior to shipping the appliance, they asked for an NDA and a license agreement to be signed and sent back.

The NDA and license agreement both included clauses that restricted reverse engineering and other facets of security research. The NDA prohibited the publication of any information deemed confidential by Google without a prior written agreement.

For any use other than security research, these conditions would not be an issue; however, as they were written, any vulnerabilities discovered after the documents were signed could be considered confidential and restricted. We declined to sign the documents and Google placed a demo unit online for verification instead.

About the Author:
David Utter is a staff writer for WebProNews covering technology and business.


About ITManagementNews
ITManagementNews answers questions for IT managers. Our experts offer real-world advice and cutting-edge technology for the enterprise. ITManagementNews is focused on Delivering IT Solutions.


-- ITManagementNews is an iEntry, Inc. publication --