Now Google hits security hurdle

News Analysis

Now Google hits security hurdle

After Microsoft, Yahoo and Skype, Google has become the latest household name to find its security under question after having to patch its Google Base content-hosting service to prevent attackers stealing sensitive information from users.


The problem, which was patched within hours of its discovery, allowed attackers to steal cookies and other information from Google Base users and embed fraudulent forms within Google Base web pages. This cross-site scripting vulnerability has also cropped up in Google’s search service


Google Base gives users a way to classify and post information such as recipes or classified advertisements. The items listed also appear on appropriate parts of Google’s site, such as the web index, the Froogle comparison shopping site and the local business directory.


The bug in Google Base was said to have been easy to find, due to “incompetent” programming, but what has irritated security specialists is Google’s lack of acknowledgement of any security holes.


They suggest flaws in programs from companies such as Yahoo and Google show they need to improve testing or risk losing public trust in their products. The fear is that the security problems provide fraudsters with the tools to create plausible phishing sites because the base URL would be that of a well-known brand.


There will probably have to be more flaws and criticism before Google holds up its hands and pleads, “Mea culpa”.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy