Welcome to WebmasterWorld Guest from 54.162.214.205

Forum Moderators: open

Message Too Old, No Replies

Google Fixes Security Hole

     
12:19 pm on Oct 21, 2004 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38059
votes: 13


[news.zdnet.co.uk...]

According to a report posted to the Bugtraq Security Focus list on Wednesday, Google's new Desktop Search tool did not prevent a hacker from inserting JavaScript, a programming language, into the Web address of its page image, or logo. That vulnerability could have allowed any rogue third party to change the appearance of Google's Web page to ask for personal data such as credit card numbers from its visitors, what's known as a phishing scam, according to the warning.
8:43 am on Oct 31, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 12, 2003
posts:772
votes: 0



yeah, and gmail has a new one where the authentication cookie can be hijacked.

there is no known workaround, even if the user changes passwords. a highjacked cookie will remain valid.