Archive for September 21st, 2007

I've just read on RSnake's blog that MustLive, a very active Ukrainian researcher, disclosed yet another XSS vulnerability affecting the Google Search Appliance.

The Google Search Appliance starts at $30,000, whereas the Mini starts at $1,995.

This means that about 196.000 web sites, many of them belonging to very important Universities and other public bodies, are willing to pay for putting their data and their users at risk.

Last time I checked, putting up a self-hosted search engine was not a terribly hard task, no matter if you prefer Java, PHP or just plain CGI.
When you discover your own web site is broken, do you really want to depend on someone else for a fix?

