Google patches flaw in Web search


Google has fixed a security hole in Web search that put the search site’s account holders at risk from identity theft.

Hackers exploiting the cross-site scripting vulnerability could have taken control of any account-based Google service and inserted fake content on Web search as a precursor to phishing attacks.

The theft of personal data was enabled by two Google sub-sites, which did not validate and filter input, meaning a remote attacker could insert fake content and scripts in order to steal victims’ Google cookies.

Security experts at Finjan, who detected the threat, said once a user was logged on to their account, the cookie would help hackers to identify their victim via Google Groups.

Alternatively, malicious amendments could have been made to users’ Froogle wish list or saved Web searches.

Saved Google alerts were also at risk of being hijacked, as was the accuracy of information on the company’s website, which could have been jazzed up in a bid to convince searchers to download malicious files.

Limor Elbaz, vice president at Finjan, described the security hole as inviting a three-pronged attack that would have corrupted Google Accounts, or deceived end users with fake Google information by “downloading malicious content, or providing personal and confidential information.”

The security firm’s Malicious Code Research Center said Google reacted “quickly” by fixing the hole, aided by disclosure of full technical details, including proof-of-concept.

The vulnerability represents the second warning from security experts in recent months that cyber criminals are defacing or spoofing Google to fund their illegal operations.





Oct 12, 2005

All content © Contractor UK Limited