Google modifies search tool to prevent fraud


Google modifies search tool to prevent fraud

Antony Savvas

Google has modified its Google Desktop search tool to prevent users’ PCs from being attacked by hackers using a vulnerability in Microsoft’s Internet Explorer browser.

Microsoft was considering whether to issue a patch or advisory on the potential problem after it was publicised last week by an Israeli internet security expert.

Matan Gillon said he had found a way to steal a user’s desktop information when Internet Explorer was used to access Google’s desktop search service. The problem did not affect any other browser, he said. Any stolen information could have been used by thieves to commit fraud.

Google said it had now made an adjustment in the way its service worked with Internet Explorer, closing the potential opening to users’ data.

The bug was related to the way the browser processes web page layout information using the CSS (Cascading Style Sheets) format.

The CSS format is widely used to improve the way websites look and feel, but attackers could take advantage of the way IE processes CSS data to steal information.

To fall victim to the flaw, attackers first had to get internet users to visit a malicious website, used to harvest the user’s desktop data.

Users could have prevented such attacks by turning off JavaScript in their browsers. JavaScript is used by website developers to make their sites more attractive. Despite Google’s move, Microsoft is still considering issuing its own security update.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy