|
|||||||
| Other Tech News The latest community based technology news from across the globe. (If you aren't a community newsposter then use the "Submit News" section.) |
 |
|
|
Thread Tools |
Dec 21, 2005, 09:54 PM
|
#1 |
|
DriverHeaven Extreme Member
Join Date: Apr 2004
Posts: 7,275
Rep Power: 89   |
Google plugs 'obscure' phishing holes
Google has fixed a security flaw that had opened the door to phishing scams, account hijacks and other attacks, security researchers said Wednesday.
The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered the problem. Watchfire posted to a security mailing list an advisory on the issue. Attackers could exploit the flaw to launch phishing scams or steal a user's credentials, said Ory Segal, director of security research at Watchfire. Phishing scams are designed to trick people into giving up sensitive information such as usernames, passwords, credit card details and Social Security numbers. "When we looked at the Google site, we saw that they are very good with their Web application security, but it looked like they forgot about this obscure variant of cross-site scripting," Segal said. ___________ Read More / Source: News.com |
|
|
|
| Thread Tools | |
|
|
