11/27/2006

Google flaw adds phishing hole to Web sites

Filed under: — By Aviran Mordo @ 9:48 pm

A security flaw in Google’s search appliances could expose Web sites that use the products to information-stealing phishing attacks, experts warned Monday.

The Google Search Appliance and Google Mini are used by organizations including banks and universities to add search features to Web sites. A flaw in the way the systems handle certain characters makes it possible to craft a Web link that looks like it points to a trusted site, but when clicked serves up content from a third, potentially malicious site.

“This vulnerability affects a lot of very large Web sites,” John Herron, a security expert who maintains the NIST.org site, said in an e-mail. “It basically allows a virtual defacement of a Web site when following a malicious link.”

The vulnerability provides cybercrooks a hook for phishing attacks, scams that try to trick people into giving up sensitive information such as credit card data and Social Security numbers. Phishing scams typically use spam e-mail with a link to a fraudulent Web site.

Source: News.com

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress