Google Cross-Site Scripting Flaw Fixed

By the Betanews Staff | Published December 21, 2005, 5:00 PM

Google has fixed a cross-site scripting vulnerability on its Web site, according to security firm Watchfire. The flaw allowed an attacker to impersonate legitimate Google services in order to launch a phishing attack. The search engine applauded the firm for withholding disclosure until it could fix the problem.

The XSS flaw existed in how Google redirected users in its error pages. An attacker could use UTF-7 characters to take advantage of the vulnerability and insert malicious JavaScript into the URL, the firm said. According to Watchfire, Google fixed the flaw on December 1, just two weeks after it had been alerted to it.
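
An added example (not from the article or from Watchfire): a defender-side Python check for the class of flaw described above. It flags URL parameters whose value gains markup characters only when read as UTF-7, and tests whether a response's Content-Type pins a charset, since this class of XSS depends on the browser interpreting the page as UTF-7. The URL, parameter name and function names are constructed for illustration.

```python
from email.message import Message
from urllib.parse import unquote, urlsplit

MARKUP = set("<>\"'")  # characters an HTML output filter normally escapes

# Constructed sample: %2B is '+', so q carries "+ADw-b+AD4-hello",
# which a UTF-7 decoder reads as "<b>hello" (benign markup).
SAMPLE_URL = "https://example.test/url?q=%2BADw-b%2BAD4-hello"


def utf7_hidden_markup(url):
    """Map parameter name -> markup characters visible only after UTF-7 decoding."""
    findings = {}
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote(raw)  # unlike parse_qs, leaves a literal '+' intact
        decoded = value.encode("utf-8").decode("utf-7", errors="replace")
        hidden = (MARKUP & set(decoded)) - set(value)
        if hidden:
            findings[unquote(name)] = "".join(sorted(hidden))
    return findings


def declares_safe_charset(content_type):
    """True if the header names a charset, and that charset is not UTF-7."""
    msg = Message()
    msg["Content-Type"] = content_type
    charset = msg.get_content_charset()  # lowercased, or None if absent
    return charset is not None and charset not in ("utf-7", "utf7")


if __name__ == "__main__":
    print(utf7_hidden_markup(SAMPLE_URL))
    print(declares_safe_charset("text/html"))
    print(declares_safe_charset("text/html; charset=UTF-8"))
```

A filter that only looks for literal angle brackets passes the sample value unchanged, which is why the check compares the raw and UTF-7-decoded forms.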

Comments

Exactly bbfc,

mm/dd/yy is like doing the time mm/hh/ss

Americans, remember your roots :)

Score: 0

|

dd/mm/yyyy makes more sense than mm/dd/yyyy.

Bloody Americans! :p

Score: 0

|

And I must leap onto the MS bashing bandwagon!...

----- Link File Vulnerability -----
Found: Windows 95 (did 3.1 have links?)
Fixed(mostly): Windows XP Sp2

That's only around a decade. Speedy performance, by comparison.

Score: 0

|

Interesting how that bandwagon didn't exist in this thread 'til you showed up.

How thoughtful of you.

Score: 0

|

--[ Discovery Date: 15/11/2005
--[ Initial Vendor Response: 15/11/2005
--[ Issue solved: 01/12/2005

Note, this is using that back-asswards UK date format of dd/mm/yyyy.

Found Nov. 15th.

Solved Dec. 1st.

Not bad...not bad at all.

Score: 0

|

back-asswards???

It's you that is back-asswards Jeez... :)

Score: 0

|

Sorry, I'll include the [humor] tag from now on for those of you a little slow to catch on.

Score: 0

|
