Security Firm Identifies Google Scripting Vulnerability
 

San Jose, California - (The Hosting News) - October 10, 2005 - Internet security firm Finjan identified a cross-site scripting vulnerability on the Google website last week.

Limor Elbaz, Vice President of Business Development and Strategy with Finjan, described the issue: "The cross site scripting vulnerability could have allowed a remote attacker to take over victims' Google Accounts, or fake the website's content in order to deceive end users into downloading malicious content or providing personal and confidential information (known as 'phishing')."

Two google.com sub-sites contained forms that did not validate and filter input. This lack of data validation and filtering could have allowed an attacker to inject content and scripts that could steal the victim's cookie. If the victim was logged on to their Google Account at the time, the attacker, by virtue of having the victim's cookie, could have gained access to some Google services, such as the victim's personal account information, any saved searches, Froogle's wish list and Google alerts, or even identified the user in Google Groups.

The attacker might also have been able to change the content of the entire page, allowing him to perform phishing attacks or convince the user to download malicious files. In late September, Finjan's Malicious Code Research Center (MCRC) provided Google with full technical details of the vulnerability, including a proof of concept, to assist Google with the fix.

Google has worked quickly to complete the fix on its website. The vulnerability is now fixed and is no longer a cause for concern for Google site visitors.

The Malicious Code Research Center (MCRC) is the leading research department at Finjan Software, dedicated to the research and detection of security vulnerabilities in Internet and email applications as well as other popular applications. For further information, please visit: http://www.finjan.com/mcrc/.

Finjan Software is a leading provider of proactive, behavior-based secure content management solutions, protecting close to millions of users from known and unknown attacks, globally. For more information about Finjan and its proactive protection solutions against threats driven by mobile malicious code, please visit: http://www.finjan.com.



