Now Google hits security hurdle

After Microsoft, Yahoo and Skype, Google has become the latest household name to find its security under question after having to patch its Google Base content-hosting service to prevent attackers stealing sensitive information from users.

After Microsoft, Yahoo and Skype, Google has become the latest household name to find its security under question after having to patch its Google Base content-hosting service to prevent attackers stealing sensitive information from users.

 

The problem, which was patched within hours of its discovery, allowed attackers to steal cookies and other information from Google Base users and embed fraudulent forms within Google Base web pages. This cross-site scripting vulnerability has also cropped up in Google’s search service

 

Google Base gives users a way to classify and post information such as recipes or classified advertisements. The items listed also appear on appropriate parts of Google’s site, such as the web index, the Froogle comparison shopping site and the local business directory.

 

The bug in Google Base was said to have been easy to find, due to “incompetent” programming, but what has irritated security specialists is Google’s lack of acknowledgement of any security holes.

 

They suggest flaws in programs from companies such as Yahoo and Google show they need to improve testing or risk losing public trust in their products. The fear is that the security problems provide fraudsters with the tools to create plausible phishing sites because the base URL would be that of a well-known brand.

 

There will probably have to be more flaws and criticism before Google holds up its hands and pleads, “Mea culpa”.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close