Attackers to Exploit Search Personalization, Supply Chains

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Attackers to Exploit Search Personalization, Supply Chains

dstiles

10:13 pm on Nov 15, 2012 (gmt 0)

Search personalization could be the next "virus attack". G and other SEs will need to do some serious research to avoid this, but will they until it is too late?

In fact, is it already happening? I've seen reports hereabouts from a few people that their SE results are not always what they expect and cannot explain why.

...'automated censorship' is increasingly commonplace online... report claims researchers have managed to enumerate and modify Internet users’ search history with cross-site request forgery attacks.

[threatpost.com...]

This isn't the only exploit scenario addressed in the posting.
[edited by: tedster at 4:40 am (utc) on Nov 16, 2012]
[edit reason] make link clickable [/edit]

aristotle

4:12 pm on Nov 17, 2012 (gmt 0)

When Google adds new "features" such as personalization, local search, videos, +1 authors, etc, spammers and hackers immediately start looking for ways to exploit them and all to often are successful.

engine

4:25 pm on Nov 17, 2012 (gmt 0)

This was one of the emerging threats in the Georgia Tech report. [webmasterworld.com...]

There's no question about it, there's big money to be gained by effectively hijacking users search.

gerrigale

4:53 pm on Nov 17, 2012 (gmt 0)

I was worried about google asking for way too much information. I think we are vulnerable if we fill in all the profile data they are asking for. This I believe will become a huge problem in the future.

dstiles

9:46 pm on Nov 17, 2012 (gmt 0)

Not just G. Other SEs are now providing "personalized search" as well.

My response is to block cookies and javascript and, for preference, use a meta engine such as ixquick for all but extreme searches.