Where Is A Business Address That is Hidden Not Really Hidden? Google Places

Last March, Google introduced the ability to hide the address for at home and service businesses that do not want clients driving to their locations. At the time, the feature, while useful, also managed to hide your business listing deep in the index. With the rollout of Places Search in October, the feature became more useful as your listing would now show on the new local organic blended results (although still not in the traditional 7-Pack).

One of the reasons that some SMB’s choose to hide their address is that they don’t want the security risk of exposing their home address. Be warned however, that there is “leakage” in the data and it is still possible to find the actual address and or business at that address even if the feature to hide it is selected in your Places Dashboard.

Justin Blase, an SEO in the St. Paul area sent along these screen shots showing just some of the ways that the data can be surfaced for a “hidden” address:

******

There are other Google vectors that display this information so be alert. If your purpose for choosing to use the feature is security you are deluding yourself. You not only won’t show on traditional 7-Pack results (a pretty big penalty) but there is no real security.

Related posts:

  1. Google Places Search: Hiding Address No Longer Buries Listing
  2. How to change your Business Address in the Internet Age
  3. An Internet Change of Address Guide

Chromium to Feature in Pwn2Own Contest!

We’re excited that the Google Chrome browser will feature in this year’s Pwn2Own contest. Chrome wasn’t originally going to be included as a target browser in the competition, but Google volunteered to sponsor Chrome’s participation by contributing monetary rewards for Chrome exploits. For the past year we’ve enjoyed working with the security community and rewarding researchers for high quality work through our Chromium Security Reward program. Sponsoring this contest to discover more bugs was a logical step. We thought we’d answer some frequently asked questions in the form of a Q&A session:
Q) Is Chrome OS a target?
A) No, not this year, as Chrome OS is still in beta. Per HP TippingPoint / ZDI guidelines, the actual target will be the latest stable version of the Chrome browser at the time, running on an up-to-date Windows 7 system. A Chrome OS device will, however, be awarded in addition to the prize money.
Q) Are you betting that Chrome can’t be hacked?
A) No. We think the Chrome browser has a strong security architecture, and Chrome has fared well in past years at Pwn2Own. But we know that web browsers from all vendors are very large pieces of software that invariably do have some bugs and complex external dependencies. That’s why the Chromium Security Reward program exists, along with our newer web application reward program. As a team comprised largely of security researchers, we think it’s important to reward the security community for their work which helps us learn. Naturally, we’ll learn the most from real examples of Chrome exploits.
Q) How do the rules work?
A) We worked with ZDI to come up with a rules structure that would reward exploits in code specific to Chromium and in third-party components such as the kernel or device drivers.
Of course, we prefer to pay rewards for bugs in our own code because we learn more and can make fixes directly. On day 1 of the competition, Google will sponsor $20,000 for a working exploit in Chrome, if it uses only Chrome bugs to compromise the browser and escape the sandbox. Days 2 and 3 will also allow for bugs in the kernel, device drivers, system libraries, etc., and the $20,000 prize will be sponsored at $10,000 by Google and $10,000 by ZDI to reflect the occurrence of the exploit partially outside of the Chrome code itself.
Note that ZDI is responsible for the rules and may change them at their own discretion.
Q) Does this competition impact the Chromium Security Reward program?
A) The program still pays up to $3,133.7 per bug. As always, submissions to the program don’t require exploits in order to be rewarded. In addition, we continue to reward classes of bugs (such as cross-origin leaks) that would otherwise not be eligible for prizes at Pwn2Own. We encourage researchers to continue submitting their bugs through the Chromium Security Reward program.

Simian: Mac OS X package deployment via App Engine

Administration of software packages on the Mac platform can often be daunting. Google’s Mac Operations and Security teams evaluated several solutions for OS X package deployment, but unfortunately none of them met all of our required features. We decided to build our own solution to do the following:

  • Deploy new or updated software by targeting a single Mac or tens of thousands.
  • Push security patches, whether the Mac is on an internal network/VPN or not.
  • Force mandatory installation of some packages, while allowing others to be optional.
  • Tightly manage Apple-provided updates.
  • Scale without deploying and maintaining additional server infrastructure.
  • Obtain reports on all of this and the fleet overall.

Today we are open-sourcing Simian, our solution to enterprise-class Mac OS X package deployment. Simian uses App Engine-based hosting to scale with the needs of your growing enterprise, and a Munki-based client which will continue to evolve through the outstanding work of Greg Neagle and the Munki community. We hope this to be the first of many announcements in sharing Google’s unique IT approach with the larger community.

For more information, please visit our Simian project page, join the discussion list, and download the code. For more information about Munki, please visit its project page.

By John Randolph and Justin McWilliams, Google Corporate Platforms Engineering Team