Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Google plugs security holes in Web site

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Google plugs security holes in Web site
Date: Tue, 27 Dec 2005 02:19:02 -0600 (CST) 
http://www.networkworld.com/news/2005/122205-google-holes.html

By Elizabeth Montalbano
IDG News Service
12/22/05

Google has patched security flaws in its Web site that would have 
exposed users to phishing and other attacks designed to steal account 
information, according to security researchers. 

Researchers at risk management software company Watchfire posted an 
advisory this week about the flaws, which are called XSS, or 
cross-site scripting, vulnerabilities. These types of vulnerabilities 
leave a site open to various attacks, such as account hijacking, 
changing of user settings, cookie theft/poisoning or false 
advertising. 

The advisory for the flaws can be found here [1]. 

The possibility for attacks at www.google.com was present when users 
encountered two different error pages, the "404 not found" error 
message and a Web-site redirection error message. 

Google did not properly secure these pages, which exposed users to 
possible attack by exploiting the 7-bit Unicode Transformation Format 
character-encoding mechanism, according to Watchfire. 

The company corrected the flaws by using character-encoding 
enforcement, according to Watchfire.

Google was not immediately available for comment Thursday.

[1] http://www.watchfire.com/securityzone/advisories/12-21-05.aspx



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Google plugs security holes in Web site, InfoSec News <=
Previous by Date:  [ISN] Auditors: FBI on thin ice in Sentinel buy, InfoSec News
Next by Date:  [ISN] Top Security Trends for 2006, InfoSec News
Previous by Thread:  [ISN] Auditors: FBI on thin ice in Sentinel buy, InfoSec News
Next by Thread:  [ISN] Top Security Trends for 2006, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]