Google Base launched with security flaw
Saturday, 26 November 2005 |
Google Base, which was launched in beta version on Wednesday, gives
users a way to post and classify information. Content posted by
users will also appear in Google’s web index, the Froogle shopping site and
its local business directories.
Recently, Google patched a security problem with its
content-hosting service. The problem allowed attackers to
steal sensitive information and cookies from Google Base and to
insert counterfeit forms within Google Base pages. The
problem, known as a cross-site scripting vulnerability, has affected both
Yahoo’s mapping service and Google’s search service.
According to Jim Ley, the U.K. computer specialist who discovered the bug, the problem was easy to find.
“It was due to incompetent programming on Google’s part. Obviously,
there has been no security testing and there were cross-site-scripting
holes in Google Base,” Jim Ley posted in his blog.
While rivals such as Microsoft have been publicly describing
the security measures taken to improve their services, Google refused
to talk about its new content-hosting service and its security
measures.
“Google didn’t contact me to acknowledge my report regarding the bug.
Google appear to have a complete silence approach to security, I guess
they think what the public don't know can't worry them,” Jim Ley posted
in his blog.
According to Paul Mutton, an Internet Services Developer with
Netcraft, the nature of the problems discovered by Ley provides
attackers with the tools to create sites with a good level of
plausibility because the base URL would be that of a well-known brand -
in this case Google or Yahoo.
"These flaws show that companies like Google and Yahoo have two choices:
they need to improve testing their products or risk losing the public
trust," wrote Mutton on Netcraft's website. Both reporters and security
experts have criticized Google's secretiveness about its products and
its security developments. Search giant Google remains silent regarding
this issue.
By Paulene Calinawan
Jump2Top.Com Search Engine Optimization Company
Last Updated (Tuesday, 29 November 2005)