Google modifies search tool to prevent fraud

News

Google modifies search tool to prevent fraud

Antony Savvas

Google has modified its Google Desktop search tool to prevent users’ PCs from being attacked by hackers using a vulnerability in Microsoft’s Internet Explorer browser.

Microsoft was considering whether to issue a patch or advisory on the potential problem after it was publicised last week by an Israeli internet security expert.

Matan Gillon said he had found a way to steal a user’s desktop information when Internet Explorer was used to access Google’s desktop search service. The problem did not affect any other browser, he said. Any stolen information could have been used by thieves to commit fraud.

Google said it had now made an adjustment in the way its service worked with Internet Explorer, closing the potential opening to users’ data.

The bug was related to the way the browser processes web page layout information using the CSS (Cascading Style Sheets) format.

The CSS format is widely used to improve the way websites look and feel, but attackers could take advantage of the way IE processes CSS data to steal information.

To fall victim to the flaw, attackers first had to get internet users to visit a malicious website, used to harvest the user’s desktop data.

Users could have prevented such attacks by turning off JavaScript in their browsers. JavaScript is used by website developers to make their sites more attractive. Despite Google’s move, Microsoft is still considering issuing its own security update.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy