Google – a possible phishing facilitator ?Best Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
Internet security & monitoring for networks - Dld trial!  Bookmark and Share 
Best Tips
Tax Preparers Exposing S...
What Is A Denial Of Serv...
How To Prevent Social En...
What is a Firewall ?
Use CAN-SPAM Aginst Spam...
How To Setup Nintendo Wi...
ZoneAlarm Internet Secur...
CSRF Explained
How To Do Safe Online Tr...
Dr.Web Antivirus Review
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Vuln: 'com_abbrev' Joomla! Component 'controller' Parameter Local File Include Vulnerability
2010/12/31 0:00:00
Vuln: Joomla! 'com_countries' Component 'locat' Parameter SQL Injection Vulnerability
2010/12/31 0:00:00
Vuln: Discuz! 'referer' Parameter Cross Site Scripting Vulnerability
2010/12/31 0:00:00
Vuln: Kayako eSupport 's_query' Parameter HTML Injection Vulnerability
2010/12/31 0:00:00
Troj/Krap-H
2010/3/20 5:17:47
Our Partners
Downloads
 0.TarcisSansUT Heavy PC
 1.Batch Fax to PDF
 2.Quick Batch File Compiler
 3.ChargeMeter - money meter & dialer prot...
 4.Wondershare Flash to PSP Converter
 5.PhotoOne Print
 6.Savannah Safari - Animated Screensaver
 7.MailTrack
 8.Avex DVD to iPhone Converter
 9.PhotoPackager
Identity Theft - Phishing : Google – a possible phishing facilitator ?
Posted by Max on 2006/11/29 13:55:09 (1316 reads)
Identity Theft - Phishing

Hackers and security experts made public a vulnerability in Google's search appliances that is putting hundreds of major organizations such as the U.S. Food and Drug Administration, Stanford University and the National Hockey League open to phishing attacks.

The fault exposes websites that use Google Search Appliance and Google Mini devices.

It is a cross-site scripting (XSS) error in the systems' Unicode Transformation Format (UTF) character encoding that makes it likely for hackers to create nasty links that appear to point to trusted sites.

First discovered on a hacker website and reported by an anonymous researcher known as Maluc, the flaw makes it easy to generate credible and significant phishing attacks.

John Herron, who runs NIST.org, reported the issue to US-CERT (U.S. Computer Emergency Readiness Team), which told Google of the problem.

Google replied that it released a fix on Monday, but only a few of those exposed have used the workaround.

Organizations that use either appliance are highly encouraged to contact Google if they have not yet heard from the company.



Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.



 

NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Feb '09 | Mar '09 | Apr '09 | May '09 | Jun '09 | Jul '09 | Aug '09 | Sep '09 | Oct '09 | Nov '09 | Dec '09 | Jan '10 | Feb '10 
4000+ Security Software Downloads