Thursday, October 21, 2004

Google (partially?) fixes security hole

As I reported earlier, Jim Ley posted a warning about a script-insertion (cross-site scripting) flaw on Google's site. As it turns out, this cross-site scripting hole has affected Google's main site for as long as two years. Now, with the addition of Google Desktop, it has become more serious: Google Desktop places the results of a desktop search into the output of a regular Google search, so script injected into a Google results page runs alongside those local results and can read them.



It appears that Google has fixed the flaw in its Web search service, which could have allowed malicious hackers to modify its pages. According to Ley, however, the fix does not look complete. In special cases a javascript: or vbscript: URL can still be placed in an img element, where only http URLs should be allowed. That may mean remaining vectors exist, either through other script schemes or through character-set tricks that slip past the filter.
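To show why a prefix filter on an img src can be "fixed" yet still let script URLs through, here is an added example. It is not code from Google or from Ley's post; the function names and every sample string are constructed for illustration. It puts a naive scheme check beside a stricter one that normalises the input the way a browser's URL parser does and then allow-lists only http and https.

```javascript
// Added example, not code from Google or from Jim Ley's post.
// A naive scheme check of the sort a server-side filter might apply to an
// attacker-controlled img src, beside a stricter check that normalises the
// string the way a browser's URL parser does before deciding the scheme.
// Function and sample names are hypothetical, chosen for illustration.

// Constructed inputs; every one resolves to a script scheme in a browser.
const DANGEROUS_SAMPLES = [
  "javascript:alert(1)",          // plain
  "JaVaScRiPt:alert(1)",          // schemes compare case-insensitively
  "  javascript:alert(1)",        // leading whitespace is trimmed
  "java\tscript:alert(1)",        // ASCII tab inside the URL is dropped
  "java\nscript:alert(1)",        // so are newlines
  "vbscript:msgbox(1)",           // the other script scheme named in the post
  "\u0001javascript:alert(1)",    // leading C0 control characters are trimmed
];

// Constructed benign inputs that a filter must keep letting through.
const SAFE_SAMPLES = [
  "http://www.google.com/images/logo.gif",
  "HTTPS://example.test/a.png",   // scheme case is irrelevant here too
];

// Naive filter: compares the raw string against two lowercase prefixes.
function naiveIsSafeSrc(src) {
  return !(src.startsWith("javascript:") || src.startsWith("vbscript:"));
}

// Stricter filter: apply the same pre-processing the WHATWG URL parser does
// (trim leading/trailing C0 controls and space, delete tab, LF and CR),
// parse, and then allow-list the schemes instead of block-listing them.
function strictIsSafeSrc(src) {
  const cleaned = src
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  let url;
  try {
    url = new URL(cleaned);       // relative or unparsable input is rejected
  } catch (e) {
    return false;
  }
  return url.protocol === "http:" || url.protocol === "https:";
}

// Return the inputs a filter lets through, so the two can be compared.
function passedBy(filter, samples) {
  return samples.filter(filter);
}

console.log("naive lets through:", passedBy(naiveIsSafeSrc, DANGEROUS_SAMPLES));
console.log("strict lets through:", passedBy(strictIsSafeSrc, DANGEROUS_SAMPLES));
console.log("strict keeps benign:", passedBy(strictIsSafeSrc, SAFE_SAMPLES));
```

The naive check passes five of the seven script URLs, because it compares the raw string while the browser compares the normalised one. The stricter check only covers URL-parser normalisation: a filter that inspects markup before HTML attribute decoding or character-set transcoding (the charset angle Ley raises) sees yet another representation of the same string, which is the general reason to allow-list the scheme after parsing rather than block-list prefixes.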
"I seem to be getting what appear to be successful Google exploits coming in again. I don't know if this is because of proxy caches, or some Google boxes haven't been patched, or just because the logs are making other requests look like Google ones. But a reasonably steady request for the javascript files with Google referrers, and then subsequent hits to the steal URI, just like the pattern when it was working for me, are coming in."



"Still appears patched for me though. Netcraft, however, says they've found another, though; not surprising, but let's hope Google are a little faster at fixing it this time. Turns out my 2 years was actually an underestimate: in May 2002 I posted it to Usenet, and that was months after I'd let Google know."

"Google was recently alerted to a potential security vulnerability affecting users of our Web site," a Google representative said. "We have since fixed this vulnerability, and all current and future Google.com users are protected."



This directly contradicts Ley's statement that Google was informed more than two years ago, and it leaves you wondering just how safe the Desktop product is.



UPDATE: Netcraft reported that Google has fixed the second phishing vulnerability, the one discovered on Wednesday. Google notified Netcraft that the hole had been closed, a response of less than two days, much faster than the two years reported by Jim Ley for the separate but similar bug he discovered.
