Google Mini Needed Big Security Patch

Get the WebProNews Newsletter:

[ Search]

The search appliance that has been part of a recent Google hardware promotion contained a “highly critical” flaw leading to the presence of several exploitable bugs.

Google Mini Needed Big Security Patch
The Google Mini Needed Some First Aid

Unpatched versions of the Google Mini posed a risk of being subjected to cross-site scripting (XSS), file discovery, service enumeration, and arbitrary command execution, Metasploit reported.

Google addressed the problem by providing a fix directly to clients that had purchased the Google Mini. The search appliance sells for $3,000, but recently has been offered as a free extra to purchasers of Google’s high-end enterprise search appliances.

Researcher H D Moore at Metasploit provided some notes on the company’s web site detailing some of their work with Google on the flaw:

The Google security team responded immediately to our report and were generally very helpful throughout the disclosure process. After a fix was developed, they offered to send us a Mini to verify that all issues had been addressed. Prior to shipping the appliance, they asked for an NDA and a license agreement to be signed and sent back.

The NDA and license agreement both included clauses that restricted reverse engineering and other facets of security research. The NDA prohibited the publication of any information deemed confidential by Google without a prior written agreement.

For any use other than security research, these conditions would not be an issue, however as they were written, any vulnerabilities discovered after the documents were signed could be considered confidential and restricted. We declined to sign the documents and Google placed a demo unit online for verification instead.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.

Google Mini Needed Big Security Patch
Comments Off on Google Mini Needed Big Security Patch
Top Rated White Papers and Resources

Comments are closed.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom