Google – a possible phishing facilitator ?

Identity Theft - Phishing : Google – a possible phishing facilitator ?

Posted by Max on 2006/11/29 13:55:09 (733 reads)

Hackers and security experts made public a vulnerability in Google's search appliances that is putting hundreds of major organizations such as the U.S. Food and Drug Administration, Stanford University and the National Hockey League open to phishing attacks.

The fault exposes websites that use Google Search Appliance and Google Mini devices.

It is a cross-site scripting (XSS) error in the systems' Unicode Transformation Format (UTF) character encoding that makes it likely for hackers to create nasty links that appear to point to trusted sites.

First discovered on a hacker website and reported by an anonymous researcher known as Maluc, the flaw makes it easy to generate credible and significant phishing attacks.

John Herron, who runs NIST.org, reported the issue to US-CERT (U.S. Computer Emergency Readiness Team), which told Google of the problem.

Google replied that it released a fix on Monday, but only a few of those exposed have used the workaround.

Organizations that use either appliance are highly encouraged to contact Google if they have not yet heard from the company.

Previous article - Next article

Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.