Google flaw provides in for phishing
- 29th Nov 2006
Wow. I was pointing out to a friend which antivirus software I use, and saw their news section:
A security flaw in Google’s search appliances could expose Websites that use the products to information-stealing phishing attacks, ZDNet UK reports.
The Google Search Appliance and Google Mini are used by organisations including banks and universities to add search features to Websites. A flaw in the way the systems handle certain characters makes it possible to craft a Web link that looks like it points to a trusted site, but when clicked serves up content from a third, potentially malicious site.
“This vulnerability affects a lot of very large Websites. It basically allows a virtual defacement of a Website when following a malicious link,” a security expert said.
“We have notified all customers and provided them with clear instructions on how to protect their appliances,” a Google spokesperson said, adding that no Google Search Appliance or Google Mini users have reported any exploits of the flaw.
Now that’s BAD news for Google. When are they going to sort out these security issues? I don’t want to say Google Checkout, but that must be a prime target for the hackers.
DaveN









5 Comments
I don’t pretend to understand how this stuff works, it’s not my area.
I am baffled that companies such as Google, with all their highly skilled, and no doubt highly paid, manpower and resources, can not only release these flawed products but actually encourage others to use them.
Some spotty teenager in his bedroom somewhere has just pissed all over the work of a whole team of experts on 6 figure salaries I guess?
I originally saw this on ha.ckers.org … http://ha.ckers.org/blog/20061118/widespread-xss-for-google-search-appliance/ where RSnake writes about how maluc found the exploits.
Google sitemaps is also causing a security certificate error when you try to login…
Although after your previous post about Google sitemaps maybe I shouldn’t be trying to login?
’Bout damn time they have something that will force them to better protect the data they collect from each and every one of us… Like Andy Haggins and co said, protect yourself… http://www.linkbuildingblog.com/2006/11/competitive_web.html
A new security bug has been found in Google Mini.
Here is the link to the security paper:
http://secunia.com/advisories/23239/