Google fixes security flaw

***
13-Oct-2005

Google patches website security flaw that could be exploited for phishing attacks.

***

Google has fixed a security bug on its websites that put the sites' account holders at risk from phishing scams, identity theft and other threats.

Known as a cross-site scripting vulnerability, the bug affected Google's AdWords advertising program and a customer training site. According to security company Finjan Software, hackers exploiting the bug could have taken control of Google accounts and inserted fake content in order to launch phishing attacks via stolen cookies.

Saved Google alerts, users' Froogle wish-list and web searches were also at risk from being hijacked. The security hole was described by Limor Elbaz, vice president at Finjan, as inviting a three-pronged attack that would have corrupted Google Accounts, or deceived end user with fake Google information by "downloading malicious content, or providing personal and confidential information."

Within 30 hours Finjan's alert, Google reacted quickly to fix the bug and confirmed that no user data was lost or compromised.

The similar cross-site scripting vulnerability was spotted on Microsoft's Xbox 360 website. Security experts had also given warnings of security flaws found on Google's and Yahoo's web-based e-mail services in the past.

Source: http://www.contractoruk.com/news/002330.html - Contractoruk.com

MillerSmiles News

13/10/05

Talk about this article on our phishing news discussion forum

---

PRESS/MEDIA ENQUIRIES

MillerSmiles is the web's dedicated anti-phishing service. Launched in 2003, the site has become one of the most trusted internet security related websites on the internet.

For enquiries relating to this story or any other part of the MillerSmiles website please email the MillerSmiles team here

If you are interested in business and partnership opportunities with MillerSmiles please email us here