Google flaw adds phishing hole to Web sites

A security flaw in Google"s search appliances could expose Web sites that use the products to information-stealing phishing attacks, experts warned Monday. The Google Search Appliance and Google Mini are used by organizations including banks and universities to add search features to Web sites. A flaw in the way the systems handle certain characters makes it possible to craft a Web link that looks like it points to a trusted site, but when clicked serves up content from a third, potentially malicious site.

"This vulnerability affects a lot of very large Web sites," John Herron, a security expert who maintains the NIST.org site, said in an e-mail. "It basically allows a virtual defacement of a Web site when following a malicious link."

View: Full Story @ Reuters

Report a problem with article
Next Article

Symantec Vista security advances despite Patchguard

Previous Article

UltraISO 8.6 PE