Sales
0161 215 3700
0800 458 4545
Support
0800 230 0032
0161 215 3711

Google catches phishing flaw in appliances

Google catches phishing flaw in appliances

Security experts are warning the computing world about a new security vulnerability in Google's Search Appliance and Google Mini device that may yield more phishing attacks. The flaw uses a cross-site scripting vulnerability that makes many websites "ripe for phishing exploits," according to NIST.org, a security group that detailed the vulnerability. The exploit, allowing search results to include HTML or JavaScript, allows hackers to bypass the way both Search Appliance and Google Mini handle some special characters, triggering what one analyst termed the "perversion of legitimate websites." "It makes attacks much easier -- targets do not have to be 'phished' into going to a phony website, they actually just go to the legitimate site," Gartner analyst John Pescatore told internetnews.com. "In many ways, this is more dangerous than phishing email, since it is harder to detect," Pescatore said. The vulnerability, which follows a similar exploit in the Google appliances from last year, has not been exploited to anyone's knowledge, a Google spokesman said in a statement. The Google spokesman said it learned of the flaw from security group CERT on November 22 and provided customers with instructions on how to fix the problem on the same day. Google was able to privately inform its customers about the risk, rather than publicly announce the security gaffe as is the case with Microsoft, because the search company has a smaller base of customers, according to Pescatore. John Herron, who manages the NIST site, praised Google for its quick action. While Google "did a really good job on this," Herron said he is concerned many customers are not used to patching the devices designed for small businesses and are likely to be complacent. Moreover, he said government agencies are already concerned about what impact such security vulnerabilities could have in a time of emergency, Herron said. "They're afraid of a coordinated misinformation attack," said Herron. "People would be led to sites with real government URLs but with fake information." Pescatore meanwhile said flaws in Google product are becoming more common. "I hope they get better -- they can't live much longer on the reputation of being a friendly vendor, who isn't Microsoft, if they want to sell to enterprises," he said. No responsibility can be taken for the content of external Internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: