Security Problem of Google Base Fixed
November 18, 2005
Google Inc has patched up a security problem with its Google Base that allowed attackers to steal sensitive information from the users of the new content-hosting service.
This security problem was patched up within hours of its discovery earlier this week. This security problem allowed the attackers to steal cookies and other information from the Google base and also made the attackers to put up fraudulent forms on the website of the Google site. This kind of problem is called cross site scripting vulnerability.
Google Base (http://base.google.com/base/default), which was released in beta version on Wednesday, gives users a way to classify and post information like recipes or classified advertisements. Items that are listed there will then also appear at appropriate parts of Google's site, such as the Web index, the Froogle comparison shopping site and the local business directory.
The bug in Google Base was easy to find, and was due to "incompetent" programming on Google's part, according to Jim Ley, the U.K. computer expert who discovered the bug.
Security experts have criticized Google in the past for being excessively secretive about what, if any, security procedures it uses to develop products. While rival Microsoft Corp. has gone to great lengths to publicly describe the steps it is taking to improve security in its software, Google has refused to talk about security, other than to confirm that it does have some employees who work in the area.
Source: InfoWorld
|
News
