Comments on: Outsourcing XSS Vulnerabilities http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/ Giorgio Maone's answers to the Web, the Universe, and Everything Sun, 07 Sep 2008 00:24:13 +0000 http://wordpress.org/?v=2.2.3 By: outsourcing http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-8046 outsourcing Tue, 27 May 2008 05:29:42 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-8046 Didn’t know there were self-hosted search engines…are those vulnerabilities fix/patchable now that it’s a known issue?" - I'm not sure but we can try it anyways. Didn’t know there were self-hosted search engines…are those vulnerabilities fix/patchable now that it’s a known issue?" - I’m not sure but we can try it anyways.

]]> By: Outsourcing Delegation Guru http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-7772 Outsourcing Delegation Guru Tue, 29 Apr 2008 00:47:30 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-7772 Didn't know there were self-hosted search engines...are those vulnerabilities fix/patchable now that it's a known issue? Didn’t know there were self-hosted search engines…are those vulnerabilities fix/patchable now that it’s a known issue?

]]> By: hackademix.net » Symantec Vulnerabilities and Hard Things To Do http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-7623 hackademix.net » Symantec Vulnerabilities and Hard Things To Do Tue, 08 Apr 2008 14:11:24 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-7623 [...] BTW, isn’t that a Google Search Appliance? [...] […] BTW, isn’t that a Google Search Appliance? […]

]]> By: DigitMemo.com » Multi Google Security Holes Revealed http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-450 DigitMemo.com » Multi Google Security Holes Revealed Mon, 24 Sep 2007 17:13:47 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-450 [...] Google Search Appliance XSS, affecting almost 200,000 paying customers of the outsourced search engine and their users: this [...] […] Google Search Appliance XSS, affecting almost 200,000 paying customers of the outsourced search engine and their users: this […]

]]> By: jday http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-444 jday Mon, 24 Sep 2007 11:06:33 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-444 Wikipedia's search is absolutely awful. Unless you know the exact term you're looking for, and there's an article on that term, then you might as well just go to google and include wikipedia in the search terms. Wikipedia’s search is absolutely awful. Unless you know the exact term you’re looking for, and there’s an article on that term, then you might as well just go to google and include wikipedia in the search terms.

]]> By: hackademix.net » GoogHOle (XSS pwning GMail, Picasa and almost 200K customers) http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-442 hackademix.net » GoogHOle (XSS pwning GMail, Picasa and almost 200K customers) Mon, 24 Sep 2007 08:37:59 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-442 [...] Outsourcing XSS Vulnerabilities 24 09 2007 [...] […] Outsourcing XSS Vulnerabilities 24 09 2007 […]

]]> By: Giorgio http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-426 Giorgio Sat, 22 Sep 2007 05:00:53 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-426 @<b>kuza55</b>: I understand your point, but I deployed <a href="http://lucene.apache.org/" target="_blank" rel="nofollow external" rel="nofollow">Lucene</a> (my Java example above) in several mission-critical "enterprise class" environments (just to speak their lingo ;) ), and I can tell you first-hand that it scales very well, given enough iron and tuning. You may be surprised by some <a href="http://www.mail-archive.com/lucene-user@jakarta.apache.org/msg12532.html" target="_blank" rel="nofollow external" rel="nofollow">random reports</a>, but I guess the <a href="http://wiki.apache.org/lucene-java/PoweredBy" rel="nofollow external" rel="nofollow">"Powered by Lucene" list</a> could be a better argument (hint: look at the bottom, under the <strong>"W"</strong> letter). How many organization-wide search engines do really benefit of PageRank™ or other algorithms "sensing" their content to inject the most relevant ads, anyway? @kuza55:
I understand your point, but I deployed Lucene (my Java example above) in several mission-critical “enterprise class” environments (just to speak their lingo ;) ), and I can tell you first-hand that it scales very well, given enough iron and tuning.
You may be surprised by some random reports, but I guess the “Powered by Lucene” list could be a better argument (hint: look at the bottom, under the “W” letter).

How many organization-wide search engines do really benefit of PageRank™ or other algorithms “sensing” their content to inject the most relevant ads, anyway?

]]> By: kuza55 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-423 kuza55 Fri, 21 Sep 2007 19:47:30 +0000 http://hackademix.net/2007/09/21/outsourcing-xss-vulnerabilities/#comment-423 I understand that its a problem, but saying that anyone could write something like the Google search appliance is a huge exaggeration. Sure, you could write /a/ search engine, but it most likely wouldn't scale or find results particularly well. The reason people by these is because they have very large data sets, not just because they have some tiny website they want to make searchable. I understand that its a problem, but saying that anyone could write something like the Google search appliance is a huge exaggeration. Sure, you could write /a/ search engine, but it most likely wouldn’t scale or find results particularly well. The reason people by these is because they have very large data sets, not just because they have some tiny website they want to make searchable.

]]>