
Slashdot: News for Nerds


Microsoft Yanks Security Site Poisoned With Porn

Soulskill posted about 3 years ago | from the internet-is-for-porn dept.

Microsoft 36

CWmike writes "Microsoft disabled the search tool on its Safety & Security Center on Saturday after attackers poisoned results with links to pornographic URLs. The company restored the website's search field early Monday afternoon ET. Alex Eckelberry, the general manager of GFI Software's security group and CEO of Sunbelt Software, said search poisoning is not unusual — but this is different. 'This is crafty,' Eckelberry said. 'This isn't normal search poisoning. It's poisoning the results with actual searches. Users were getting back a prior search as a search result.'"


36 comments

Feature (3, Funny)

Sonny Yatsen (603655) | about 3 years ago | (#36726338)

That's not poisoning the results. That's a feature.

An income opportunity for MS. (1)

crovira (10242) | about 3 years ago | (#36726610)

This is a new feature created by Ballmer (who's all for looking at porn, [have you seen him dance, sweat-stained armpits and all? I feel dirty just thinking of him going around shouting "Developers",]) and his lawyers (who are going to go after the offender's website in an effort to collect advertising fees.)

Re:An income opportunity for MS. (1)

Hsien-Ko (1090623) | about 3 years ago | (#36726830)

When he called for "developers developers developers" he obviously meant those wombs and we clearly see that's the intent here

Re:Feature (0)

Anonymous Coward | about 3 years ago | (#36731724)

that's how google is played too. because they track searches. that's why they shouldn't do that, it leads to everyone getting the same crap results, not the results everyone is looking for. it causes the searches to be just popularity contests instead of providing the original service which was indexing.

Re:Feature (1)

Kamiza Ikioi (893310) | about 3 years ago | (#36731940)

It actually is a feature. FTA: "On Friday, Alex Eckelberry, the general manager of GFI Software's security group and the CEO of Sunbelt Software, said that searches using terms like "sex," "porn," "girl" and "streaming" on the Microsoft site were returning links to pornographic websites at or near the top of the results list."

Well, Gee-flipping-whiz! A search tool brought up porn when someone searched for... porn! Crazy! Call me simple, but it sounds to me that some engineer did his job in delivering relevant search results, poison or not. If you search for sex and porn, odds are that those "poison" results are probably the more relevant results. I understand this is a security site, but either that means you limit it to a list of sites, or you expect open search to, well, search openly.

This is why Bing has to copy Google results. If it didn't, they'd be going nuts over why searches for porn lead to pornography. This way, they still don't know, but they know the internets is happy with Google's strange and mysterious search code that causes pornography to show up on occasion.

As for the poison, it's obvious. This wouldn't work on Google because it would take millions of searchers to do this particular technique. I doubt many people actually use this tiny little engine, and a few dedicated people with hours to waste probably thought using it would get around a corporate firewall blocking porn links from Google or something like that. I must say, though, that's a LOT of fapping for this to add up to a poison.

Poisoned? (0)

0racle (667029) | about 3 years ago | (#36726358)

Poisoned? Or made Better?

Re:Poisoned? (1)

tekgoblin (1675894) | about 3 years ago | (#36726370)

1 Vote for better

Re:Poisoned? (0)

Anonymous Coward | about 3 years ago | (#36726462)

I usually don't chuckle at hacks like that. But that one was semi amusing...

Re:Poisoned? (3, Funny)

jhoegl (638955) | about 3 years ago | (#36726558)

Depends on the porn. I don't really wanna see grandma in her panties. Do you?

Re:Poisoned? (2)

Mister Whirly (964219) | about 3 years ago | (#36726692)

Your grandma or my grandma? Because your grandma is kind of hot.

Re:Poisoned? (0)

Anonymous Coward | about 3 years ago | (#36730402)

Are you into necrophilia?

Re:Poisoned? (0)

Anonymous Coward | about 3 years ago | (#36726758)

That funny? Seriously?

Where did all the porn offended idiots go? [slashdot.org]

Re:Poisoned? (0)

Anonymous Coward | about 3 years ago | (#36727104)

You rather want to see her without panties, I reckon?

Re:Poisoned? (1)

wisnoskij (1206448) | about 3 years ago | (#36727160)

I guess the question is then why did you search for her in the first place?

"Users were getting back a prior search as a search result"

Re:Poisoned? (0)

Anonymous Coward | about 3 years ago | (#36728412)

Actually, I searched for her then used the results to poison your search for 'college girls do anything'.

Re:Poisoned? (0)

Anonymous Coward | about 3 years ago | (#36729874)

Poison is in everything, and nothing is without poison. The dosage makes it either a poison or a remedy.

-- Philippus von Hohenheim (Paracelsus)

Bad Summary (0)

sunderland56 (621843) | about 3 years ago | (#36726418)

Better summary "Microsoft's own security web site hacked".

Re:Bad Summary (0)

Anonymous Coward | about 3 years ago | (#36726468)

Any site can be hacked, you realize, it's only a matter of mitigation.

Re:Bad Summary (2, Insightful)

Anonymous Coward | about 3 years ago | (#36726606)

Not hacked, poisoned. The search engine's features have been manipulated in such a way to produce the results. Clever, but no hacking took place.

Re:Bad Summary (0)

Anonymous Coward | about 3 years ago | (#36731586)

They submitted search results from one search engine to the other, making it show up in this way, this may not even have been done intentionally but happened by accident, it does all the time, but because it's porn someone must have done it on purpose! I'd understand poisoning if these results actually showed up for security related search terms, but who would search for (as per the example) 'girl' on a security website?

Yanks (0)

Anonymous Coward | about 3 years ago | (#36726438)

LOL

Security site? (1)

Anonymous Coward | about 3 years ago | (#36726458)

Was it safe sex, at least?

Yank and porn in the title (3, Funny)

Capt.DrumkenBum (1173011) | about 3 years ago | (#36726464)

Well done.

Re:Yank and porn in the title (2)

VortexCortex (1117377) | about 3 years ago | (#36727800)

Alternate Title:
Microsoft Security Site Poisoned With Porn; Jerked offline.

LOL (-1)

Anonymous Coward | about 3 years ago | (#36726594)

Microsoft security? since when?

Re:LOL (1)

hairyfeet (841228) | about 3 years ago | (#36728072)

Actually if it is like their MSE it is since....well never since they bought out Giant which made a decent antimalware package and just rebranded it. I actually thought that was a smart idea, as simply throwing more money at a problem rarely if ever works so it is better just to hire someone who knows how to do what you need done.

Of course the danger to that theory is the Symantec "OMFG how much shit they gonna pile on this thing?" school of jamming everything you buy into a giant "suite" of poorly related crap, but from what I've seen MSE is pretty much just antimalware and that's it. Meh I think Avast Free is better anyway.

As for TFA search results got poisoned, big whoop. With the Anons and LULSec types running amok I'm sure this happens hundreds of times a day and it would have even made idle if it was Bob's insurance company or John's house o' security, but in this case it was MSFT who probably farmed it out and got bit by badly coded website design. Surprise surprise.

Considering that since the sweaty monkey took over they have been flinging poo at the wall in the hopes something sticks (Zune, Kin, no real mobile strategy) and hitting themselves in the face more often than not (killing the market they had built up with PlaysForSure with the lame ZunePass) fuckups like this frankly should not be a surprise to anyone. The only real hits they've had since Ballmer is the X360 which they got lucky in that the PS3 screwed their price point with Cell and Blu Ray, not to mention having Halo and Gears to sell the x360 to fratboys, and Win 7 which from what I understand was done by the office guys without Ballmer meddling after the grand suckfest that was Vista.

Stupid is an infinite resource (5, Insightful)

interkin3tic (1469267) | about 3 years ago | (#36726638)

searches using terms like "sex," "porn," "girl" and "streaming" on the Microsoft [Safety & Security Center] site were returning links to pornographic websites at or near the top of the results list

1. Put links to your porn site in MS' safety and security center search bar
2. Wait for people to search for porn in the safety and security center search bar
3. ???
4. PROFIT!!!

I want to believe that this is just some automated process that searches the web for search bars and then tries to put in their own porn links. Alternatively, I want to believe that this is just a few porn marketers who are so dumb, they put links to their porn sites in a search field for MS safety and security. But I can't convince myself.

It's depressing to realize that there are actually people dumb enough to go to an antivirus website and start searching for porn.

"Dang! I musta gotten a virus! Don't know how, all I've been doing with this here computer is lookin up pictures of nekkid ladies. Well, better look for something to fix this from microsoft.... boring boring boring, I wanna see nekkid ladies! OOH! PORN!!"

Re:Stupid is an infinite resource (1)

Anonymous Coward | about 3 years ago | (#36727500)

Never underestimate the number of ways people search for pr0n. At our large search engine site, we hear from people who maintain the help center site that pr0n terms predominate the search log.

Re:Stupid is an infinite resource (1)

blair1q (305137) | about 3 years ago | (#36727904)

You'd think a search engine attuned to a particular data set would not allow itself to prioritize results outside that data set.

But then, Microsoft is a company based on selling shit as shinola, so putting a "security search" facade on a basic web search tool should be a no-brainer for them.

Huh? (2)

biodata (1981610) | about 3 years ago | (#36727130)

I'm probably being stupid but if someone puts in a search like 'sex girl porn streaming' in some kind of search engine, how is it bad when the site returns pron links?

Re:Huh? (1)

treeves (963993) | about 3 years ago | (#36728886)

As a for instance, it would be bad if you searched for porn on Saturday, then on Monday at work, when you search for stainless steel widgets, you get search results full of porn links.

this is not clear! (0)

Anonymous Coward | about 3 years ago | (#36731410)

'This isn't normal search poisoning. It's poisoning the results with actual searches. Users were getting back a prior search as a search result.'

If the code he writes is as clear as this, Microsoft is a hell to work at.

Don't even mention about his documentation.

Re:this is not clear! (1)

MichaelSmith (789609) | about 3 years ago | (#36731850)

Wasn't there an article recently about the bing search database being built by internet explorer capturing the input and output of google searches? Knowing that a person could do a lot of damage...

Best thing MS did was issue a challenge (0)

Anonymous Coward | about 3 years ago | (#36732898)

http://it.slashdot.org/comments.pl?sid=2306598&cid=36701800 [slashdot.org]

That others noted there in that exchange!

Plus, Microsoft's NOT going to get "suckered" by DoS, OR DDoS either as others have by LulzSec &/or Anonymous either:

http://www.networkworld.com/community/blog/microsoft-were-not-vulnerable-ddos-attacks [networkworld.com]

Simply because they "overbuilt their network" just as AMAZON has:

http://tech.slashdot.org/story/10/12/14/1851240/Why-Anonymous-Cant-Take-Down-Amazoncom [slashdot.org]

+ monitor it... & then turn it aside, accordingly!

(Thus, MS can see it coming a MILE away & compensate (by blocking the sources of attack @ the perimeter in firewalls, + even a botnet C&C server or bogus DNS server via DNSBL or even possibly HOSTS files))...

There's also a setting in modern MS IP stacks (BSD derived no less, best in the business) of:

SynAttackProtect

That helps mitigate DDoS attacks!

(That setting works in conjunction-combination with other parameters that set the "look aside/reject" amounts as the network admin sees fit too (they don't note that in the article above)).

APK

P.S.=> Like I said in my 1st link above? MS is performing LITERALLY, the BEST TEST there is, better than "pen testing" too!

(& THAT, is challenging hacker/cracker egos, to have THEM point out ANY POSSIBLE HASSLES IN YOUR NETWORK SECURITY (I did the same on IRC, decades ago circa 1994-2001 or thereabouts adminning the "Official Windows Help Channel" endorsed by no other/no less than K. Mardem Bey (creator of MIRC) himself!))...

... apk

On a guess? TODAY would be the day to (0)

Anonymous Coward | about 3 years ago | (#36744012)

TRY do a DDoS on MS... why? It's Microsoft "Patch Tuesday", every 2nd Tuesday of the month... Because, that way??

Well - Any hacker/cracker's attempts @ doing DDoS would be amplified by the sheer # of people TRYING to get Windows updates as is, manually OR via Automatic Updates itself.

(Just a thought... not saying it's the right thing to do, but... perhaps a "bright-side" of it would be to TEST MS' claims & they might even appreciate it themselves, though I doubt it!)

APK

P.S.=> Not trying to give the likes of LulzSec, or Anonymous any ideas, or any like them (such as AntiSec either), but, that's how I'd do it... that would, probably FOR SURE, stress even MS' massive network setup, overbuilt as they are (like AMAZON's, with much excess capacity probably on fiber & OC3/OC12 setups & Full T1 @ a minimum), plus the SynAttackProtect setting in MS' BSD derived IP stack...

... apk

Should read . . . (1)

lastx33 (2097770) | about 3 years ago | (#36742788)

Yanks withdraw porn site poisoned by Microsoft.