Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance

Original post, 2007-09-27 02:57:00

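Just as doctors will never be out of work, neither will people who work in computer security, because security problems keep evolving and multiplying like bacteria and viruses!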

From ZDNet

Google’s security model is not holding up very well to scrutiny from hackers.

In the past few days, there have been multiple disclosures of security vulnerabilities in a wide range of Google products, including a persistent e-mail theft issue affecting the widely used GMail service.

The unpatched GMail bug, which was demonstrated for me by hacker Petko D. Petkov, is particularly nasty because of the way the exploit works without any user action and the fact that it’s difficult for the average GMail user to know that e-mails are being stolen.

The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.

The attack technique is known as cross-site request forgery (CSRF) and has haunted Google in the past. Earlier this year, the company was forced to correct a similar flaw after details leaked out on an issue that put GMail contact lists at risk.
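Because the injected filter outlives the fix, cleanup means reviewing the filter list itself. The following is an added example, not code from the article or from Google: a Python audit that flags filters forwarding mail outside a set of trusted domains. It assumes the filters have been exported as an Atom feed of `apps:property` elements (the layout of Gmail's filter export); the sample export, the domains and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: filters exported as an Atom feed, one <entry> per filter, with
# <apps:property name=... value=...> children (the layout of Gmail's filter export).
NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Properties that narrow a filter to particular senders, recipients or keywords.
NARROWING = {"from", "to", "subject", "hasTheWord"}

# Constructed sample export: a labelling rule, an internal forward, and a rule shaped
# like the injected one described above (any attachment -> outside address).
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><category term='filter'/>
    <apps:property name='from' value='news@lists.example.org'/>
    <apps:property name='label' value='News'/></entry>
  <entry><category term='filter'/>
    <apps:property name='subject' value='invoice'/>
    <apps:property name='forwardTo' value='finance@corp.example'/></entry>
  <entry><category term='filter'/>
    <apps:property name='hasAttachment' value='true'/>
    <apps:property name='forwardTo' value='drop@outside.example'/></entry>
</feed>"""

def parse_filters(xml_text):
    """Return one {property name: value} dict per filter entry."""
    root = ET.fromstring(xml_text)
    return [{p.get("name"): p.get("value")
             for p in entry.findall("apps:property", NS)}
            for entry in root.findall("atom:entry", NS)]

def audit_forwarding(xml_text, trusted_domains):
    """List filters that forward mail to a domain outside trusted_domains."""
    findings = []
    for index, props in enumerate(parse_filters(xml_text)):
        target = props.get("forwardTo", "")
        domain = target.rsplit("@", 1)[-1].lower()
        if not target or domain in trusted_domains:
            continue
        findings.append({
            "index": index,
            "forward_to": target,
            # No sender/recipient/keyword criterion: the rule sweeps up mail broadly.
            "broad": not (NARROWING & props.keys()),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_forwarding(SAMPLE_EXPORT, {"corp.example"}):
        print(finding)
```

A finding with `broad` set to true and an unfamiliar forwarding address is the pattern to review first; the filter has to be deleted by the account owner, since patching the CSRF flaw does not remove it.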

Google Search Appliance users at risk:

Separately, a Romanian security researcher has published details of a cross-site scripting bug affecting users of the enterprise-facing Google Search Appliance.

Mustlive, the hacker behind the Month of Search Engine Bugs project, published a proof-of-concept and a Google dork to demo the attack — and expose businesses using the search appliance.

Google (Blogspot) Polls vulnerability

A third issue has been disclosed at Beford.org to show how a cross-site scripting bug in Google’s Blogspot Polls could allow the hijacking of sensitive information.

The ‘font’ parameter was not being sanitized before being used inside an STYLE tag, so you could inject IE’s expression() and Mozilla’s -moz-binding.

Several proof-of-concepts — this one hijacks your Google contacts, this one intercepts incoming GMail — are publicly available. (IMPORTANT NOTE: clicking on those links while logged into Google Accounts might not be such a good idea).

An exploit against Picasa

Google’s Picasa photo-sharing software and Web service is also vulnerable to an exploit scenario that uses a combination of cross-site scripting, cross-application request forgery and URI handler weakness to steal photographs from the victim’s hard drive.

Technical details of the Picasa issue have been released by Billy Rios and Nate McFeters.

Finally, there’s a cross-site scripting bug in Google’s Urchin Analytics service that can be exploited to steal user credentials. An explanation of this vulnerability has been published by Adrian Pastor.
