Google Crossed Up By XSS Again - Webdigity webmaster forums

12, October 2008	Google Crossed Up By XSS Again - webmaster forum
	This forum shares its ad revenue with its members!
Navigation Webdigity Services Pagerank Monitor Whois Tool Web Design Gallery Webmaster Forums Webmaster Directory Tutorials Database Webmaster Forums WebDigity Community HumanWorks network new... Clickbank Contextual S... Forum Contests Forum Lounge New Member Introductions Tech News Google Forum User Forums aStatSpam forum Computers 3rd-Party Scripting The 100 Lists Website ... PixelThings Smart Publisher Forums Talk Design and Layout General webmaster disc... Graphics & Multimedia Adobe Photoshop Macromedia Flash & Act... Web Page Design HTML & XHTML CSS Accesibility issues Website & Graphic Revi... Web Development PhP PHP classes @finalwebs... Php User Class JavaScript Databases MySQL Security Miscellaneous Languages ASP & .NET Java & JSP Web hosting talk Hosting companies Domain names Configuring your server Apache web server Monetizing your site General Business CPC programs Adsense Chitika eMiniMalls CPM programs Affiliate programs & o... Web site promotion Promotion techniques Search Engine Optimiza... Google SEO Promoting & building a... SMF moding & promoting Marketplace Advertise your services Sell your site Sell a domain name Request services Hire people Link trading requests [ Home \| Help \| Search \| Forum's Shop \| Archive \| Login \| Register \| Webmaster Directory ]

Webdigity Webmaster Forums > WebDigity Community > Forum Lounge > Tech News
Topic: Google Crossed Up By XSS Again

« previous next »

Pages: [1]

Author

Topic: Google Crossed Up By XSS Again (Read 285 times)

Robot
Internet Junkie

Posts: 2177
19591 credits
Members referred : 0

« on: Jan 16, 2007, 02:17:35 PM »

Yet another cross-site scripting issue has cropped up with Google, as their dominant place on the Internet could be starting to draw Microsoft-like attention from malicious hackers.

To read the full article click here

I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master

Gender:

Posts: 8116
41653 credits
Members referred : 3

« Reply #1 on: Jan 16, 2007, 08:52:27 PM »

Interesting read Smiley

Quote

I will not give you details as to how the exploit works until it has been fixed - but I can tell you that it is extremely easy for anyone who knows HTML to exploit

Seems like the google engineers are not SO good after all....

Trial and Error my two best teachers Cool

Join us @ facebook

Last blog : Free Unlimited Bandwith and disk space to good to be true?

Tim Nash
Global Moderator
Community Supporter ?
Internet Junkie

Posts: 2173
5036 credits
Members referred : 2

Venture Skills - New Media & IT group

« Reply #2 on: Jan 17, 2007, 02:01:24 PM »

Cross scripting issues are bound to pop up in web based applications paticularly across a large single sign on system like Google. I'm only suprised it doesn't happen more often. I think part of the problem is the authentication methods google use vary from application, how Google Analytics authenticates users for example appears to be different from how Gmail does.

I think once this is sorted out and they have a common platform these issues should lesson, though its still problamatic in that they actually give out methods and handles to authenticate against google user base to the public.

Would you like to be an SEO, let me help with, The Tim Nash introduction to SEO

alternatively for Social media optimisation take a look at the Venture Skills Blog

Last blog : Its all in the mp3s

I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master

Gender:

Posts: 8116
41653 credits
Members referred : 3

« Reply #3 on: Jan 17, 2007, 02:26:18 PM »

It would be reasonable to use web services (SOAP) for that kind of operations, but as they are so vulnerable to XSS attacks it appears that google uses more old fashioned technology, which is also reasonable as the old technologies produce less overhead and for sites with millions of requests every hour this is a significant factor Smiley

Trial and Error my two best teachers Cool

Join us @ facebook

Last blog : Free Unlimited Bandwith and disk space to good to be true?

Trackback URI for this entry : http://www.webdigity.com/trackback.php?topic=5638

Bookmark this thread : Digg Del.icio.us Dzone more....

Topic sponsors:
Get a permanent link here for $1.99!

Pages: [1]

Webdigity Webmaster Forums > WebDigity Community > Forum Lounge > Tech News
Topic: Google Crossed Up By XSS Again

« previous next »

Jump to:

User Area
Welcome, Guest. Please login or register. Did you miss your activation email? Oct 12, 2008, 03:29:21 AM Login with username, password and session length

Donate to our community, and get a permanent link back to your site!

Forum Statistics
Total Posts: 36.906 Total Topics: 7.558 Total Members: 4.150 Tutorials : 56 Resources : 143 Designs : 220 Latest Member: neli67 25 Guests, 5 Users online : Yahoo crawler, Baidu Spider, adsense, Msnbot, Googlebot 14 users online today: YMC, PHPNewbie-KY, TryUsOut, microvps, trelog, mirela, Nikolas, ljay, Miranda Evening, estuartie, anniiee, LeLe, ceejay77, toy17s

Recent topics
Populating a PDF with FPF v... Re: The HTML Cheat Sheet... Re: Your favorite City... Re: The other side of affil... THIS IS ANNIIEE!!!!!!!!!!!!... Re: Eye Problem - Using Co... Re: Leisure Time Re: What do you do for livi...

HumanWorks Network
Technology news Webmaster articles Sublime web directory RSS Feed directory and viewer

Readers

Web Design Gallery · Whois Lookup · Pagerank · Tag Browsing · Lo-fi version · Syndication · Webmaster forum history · Advertise
Developed by HumanWorks © 2005 - 2008 Webdigity webmaster community · sublime directory
Webdigity Webmaster Forums | Powered by SMF 1.0.12. © 2001-2005, Lewis Media. All Rights Reserved.

Google Crossed Up By XSS Again - webmaster forum