Froogle security hole reveals Gmail accounts of the buyers

A new security flaw in Google's price comparison engine, Froogle, was discovered by an Israeli hacker.


By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user's Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user's cookie, which contains personal information, such as purchase history, user name and password for Google services.
According to Nir Goldshlager, who discovered the flaw, even if the user chooses not to save the cookie, the hacker can still discover the user's user name and password for other Google services such as Google Alerts and Google Groups, because Google stores a unique number per user that identifies the user in other Google services, and the hacker will be able to read this identification number.
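
The flaw described above has two parts: script carried in a URL ends up in the page, and that script can read the cookie. The following added example (not code from Froogle, Google or the original report) shows a search page that reflects a URL parameter unsafely beside a hardened version, plus a session cookie header that page script cannot read. The `q` parameter, the `shop.example` host and all function names are assumptions made for illustration.

```javascript
// Added example. All names here are hypothetical, not taken from Froogle.

// Escape the characters that let text break out of an HTML element
// or attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the (assumed) "q" search parameter from a request URL.
function queryFrom(url) {
  return new URL(url).searchParams.get("q") || "";
}

// Vulnerable form: the value from the URL is pasted into the page as markup,
// so any tags it carries become part of the document.
function renderResultsUnsafe(url) {
  return `<h1>Results for ${queryFrom(url)}</h1>`;
}

// Hardened form: the same page, with the value treated as text.
function renderResults(url) {
  return `<h1>Results for ${escapeHtml(queryFrom(url))}</h1>`;
}

// Session cookie header. HttpOnly keeps the cookie out of document.cookie,
// so script running in the page cannot read it; Secure restricts it to HTTPS;
// SameSite=Lax limits when it is sent on cross-site requests.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample request: an inert script tag carried in the query string.
const sampleUrl =
  "https://shop.example/search?q=" + encodeURIComponent("<script>/* injected */</script>");

console.log("unsafe  :", renderResultsUnsafe(sampleUrl));
console.log("hardened:", renderResults(sampleUrl));
console.log("cookie  :", sessionCookie("sid", "abc 123"));
```
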

The report was originally translated from Hebrew by aviransplace.com.

The original report of the flaw, in English, is here:

www.aviransplace.com/index.php/archives/2005/01/13/serious-flaw-in-froogle-reveals-gmail-accounts/



