Google search bug could be exploited by phishers

News

Google search bug could be exploited by phishers

Tash Shifrin

A bug in the Google Search Appliance used by many businesses to search their corporate information could be exploited in a phishing attack, security experts have warned.

The NIST.org security news website warned that a Cross-Site Scripting (XSS) vulnerability in the widely used search appliance affects “a lot of large websites, many that are ripe for phishing exploits”.

The flaw was first reported on a hackers’ website and relates to the use of UTF-7 character encoding to bypass special character input handling. Examples have “demonstrated vulnerabilities at some major websites, including large government sites, major universities, etc”, NIST.org said.

The security website has reported the issue to the US Computer Emergency Readiness Team (US-CERT) and to one of the affected government bodies.

But it warned, “With so many financial institutions and government agencies using this appliance it is only a matter of time before this vulnerability is exploited in a large scale phishing attack.”

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy