12, October 2008

Google Crossed Up By XSS Again - webmaster forum

 
Webdigity webmaster forums
This forum shares its ad revenue with its members!
[ Home | Help | Search | Forum's Shop | Archive | Login | Register | Webmaster Directory ]
Webdigity Webmaster Forums  >  WebDigity Community  >  Forum Lounge  >  Tech News
Topic: Google Crossed Up By XSS Again
« previous next »
Pages: [1] Print

Author Topic: Google Crossed Up By XSS Again  (Read 285 times)
Robot
Internet Junkie
****
Posts: 2177
19591 credits
Members referred : 0


« on: Jan 16, 2007, 02:17:35 PM »

Yet another cross-site scripting issue has cropped up with Google, as their dominant place on the Internet could be starting to draw Microsoft-like attention from malicious hackers.


To read the full article click here Visit through proxy

I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master
*****
Gender: Male
Posts: 8116
41653 credits
Members referred : 3



« Reply #1 on: Jan 16, 2007, 08:52:27 PM »

Interesting read Smiley

Quote
I will not give you details as to how the exploit works until it has been fixed - but I can tell you that it is extremely easy for anyone who knows HTML to exploit

Seems like the google engineers are not SO good after all....

Trial and Error my two best teachers Cool
Join us @ facebook Visit through proxy

Last blog : Free Unlimited Bandwith and disk space to good to be true?
Tim Nash
Global Moderator
Community Supporter ?
Internet Junkie
*****
Posts: 2173
5036 credits
Members referred : 2


Venture Skills - New Media & IT group


« Reply #2 on: Jan 17, 2007, 02:01:24 PM »

Cross scripting issues are bound to pop up in web based applications paticularly across a large single sign on system like Google. I'm only suprised it doesn't happen more often. I think part of the problem is the authentication methods google use vary from application, how Google Analytics authenticates users for example appears to be different from how Gmail does.

I think once this is sorted out and they have a common platform these issues should lesson, though its still problamatic in that they actually give out methods and handles to authenticate against google user base to the public.

Would you like to be an SEO, let me help with, The Tim Nash introduction to SEO Visit through proxy alternatively for Social media optimisation take a look at the Venture Skills Blog Visit through proxy

Last blog : Its all in the mp3s
I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master
*****
Gender: Male
Posts: 8116
41653 credits
Members referred : 3



« Reply #3 on: Jan 17, 2007, 02:26:18 PM »

It would be reasonable to use web services (SOAP) for that kind of operations, but as they are so vulnerable to XSS attacks it appears that google uses more old fashioned technology, which is also reasonable as the old technologies produce less overhead and for sites with millions of requests every hour this is a significant factor Smiley

Trial and Error my two best teachers Cool
Join us @ facebook Visit through proxy

Last blog : Free Unlimited Bandwith and disk space to good to be true?
Trackback URI for this entry : http://www.webdigity.com/trackback.php?topic=5638
Tags : News Technology google microsoft Bookmark this thread : Digg Del.icio.us Dzone more....

Topic sponsors:
Get a permanent link here for $1.99!


Pages: [1] Print 
Webdigity Webmaster Forums  >  WebDigity Community  >  Forum Lounge  >  Tech News
Topic: Google Crossed Up By XSS Again
« previous next »
Jump to:
User Area
Welcome, Guest. Please login or register.
Did you miss your activation email?
Oct 12, 2008, 03:29:21 AM





Login with username, password and session length

Donate to our community, and get a permanent link back to your site!

Donate to our community, and get a permanent link back to your site!


Forum Statistics
Total Posts: 36.906
Total Topics: 7.558
Total Members: 4.150
Tutorials : 56
Resources : 143
Designs : 220
Latest Member: neli67

25 Guests, 5 Users online :

14 users online today:



Readers

Web Design Gallery · Whois Lookup · Pagerank · Tag Browsing · Lo-fi version · Syndication · Webmaster forum history · Advertise
Developed by HumanWorks © 2005 - 2008 Webdigity webmaster community · sublime directory
Webdigity Webmaster Forums | Powered by SMF 1.0.12. © 2001-2005, Lewis Media. All Rights Reserved.