Google Closes Security Holes in Google Base
Via Netcraft.
Google has fixed a security hole in Google Base that would have exposed sensitive information stored by users of Google's services. The cross site scripting vulnerabilities discovered by British Computer Scientist Jim Ley would allow an attacker to steal cookies and other information from users, while providing fraudsters with the facility to publish their own forms and receive input using an apparently reassuring Google Base URL.
Google Base will spearhead the search giant's entry into classified advertising and payment processing, where it will compete with established offerings from eBay and CraigsList. If it succeeds, Google Base will likely accelerate a trend which has seen a growing percentage of advertising dollars shift to the web and away from television, magazines and especially newspapers, which rely heavily on classified ads for revenue. Strong application security is important to gain user confidence in the service, as Google Base is eventually expected to integrate a micropayment system (presumably Google Payments).
Google's move towards a single Google Account for multiple services exacerbates the problem, as the same account used by the Google Base site can also be used to access financially sensitive services such as AdWords and AdSense, and Google's GMail webmail service.
0 Comments:
Post a Comment
<< Home