Tuesday, January 16, 2007

Google Crossed Up By XSS Again

Yet another cross-site scripting issue has cropped up with Google, as its dominant place on the Internet could be starting to draw Microsoft-like attention from malicious hackers.

Google Gets XSS Wires Crossed
Even though Google seemingly has a license to print money with its lucrative search advertising business, it isn't time to start minting coins with a motto of "In Google We Trust." Curious explorations of the code for their web-based services have been revealing some scary potential within them.

Garett Rogers posted at his Googling Google blog how another cross-site scripting issue with Google has been discovered. This would be the third such problem found in the past few weeks.

"I will not give you details as to how the exploit works until it has been fixed - but I can tell you that it is extremely easy for anyone who knows HTML to exploit," he wrote.

Google has been quick to patch these flaws when identified. The nature of this one has Rogers advising people to completely log out of their Google Accounts while surfing the web.

That's the kind of advice Google will not enjoy hearing, even though it is appropriate to the threat involved here. Building trust among their users takes a hit when someone has to log out of a service like Gmail or Google Reader, to say nothing of Google's profitable AdWords clients.

Rogers described the vulnerability as "another XSS vulnerability that easily and without the victim's consent can steal cookies and hijack your Google account." Imagine the chatter on the blogosphere if someone who profits nicely from AdSense discovered that a criminal had changed the name and address of the payee account and had a revenue check redirected by exploiting a cross-site flaw.

The trio of exploits that have been revealed were all found by people who were more interested in seeing them fixed. Those with a more criminal bent won't be so quick to drop Google a note about security issues. If criminals step up their attacks on Google, will 2007 be the year people lose their trust in Google's services?

---
David Utter is a staff writer for WebProNews covering technology and business.
