Unholy trinity of flaws put Google users at risk - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 09-25-2007, 07:02 AM   #1 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Unholy trinity of flaws put Google users at risk

If you use Google to send email, organize photos or help administer your website, doomwatchers have cataloged three new ways to steal your data and compromise the security of your users. All three of the techniques rely on cross site scripting, or XSS, in which hackers inject unauthorized code by making it appear as if it's hosted by a trusted website.
The most serious vulnerability resided in the so-called polls application, a part of Google Groups. It made it possible to steal contacts and messages from Gmail accounts. A Google spokesman on Monday afternoon said the flaw had been fixed.
document.write('\x3Cscript src="http://ad.uk.doubleclick.net/adj/reg.security.4159/front;'+RegExCats+GetVCs()+'pid='+RegId+';'+RegKW+ 'maid='+maid+';test='+test+';pf='+RegPF+';dcove=d; sz=336x280;tile=3;ord=' + rand + '?" type="text/javascript">\x3C\/script>');



Multiple pieces of proof-of-concept code posted online graphically demonstrated the potential for attacks that target the weakness. One stole all contacts listed in a Gmail account, while a second sent all incoming Gmail messages to an email account of the researcher's choosing.
"If you're good at JavaScript, writing a good exploit for those vulns is [a] trivial matter" Giorgio Maone, a researcher told El Reg. He added that the weaknesses could be exploited "serially," meaning that a single piece of attack code will compromise virtually any Gmail account.
The exploit code worked on at least four browsers, including Internet Explorer, Firefox, Opera and Konqueror, at least when they are using default settings and are not running extensions that block the running of javascript. To be pwned, a victim had to be logged in to Gmail while opening the attack website.
A second vulnerability plagues the Google search appliance, which Google sells so webmasters can do scraping and other types of internal searches. By creating a specially crafted URL, an attacker can inject code or overwrite pages of a third-party site that uses the appliance.
Attack scenarios include the stealing of cookies used to log in to the third-party site or the alternation of a trusted site so it prompts an unsuspecting user for personal information and then transmits it to the attacker.
The disclosure came in a post on the Mustlive blog, which included examples of URLs that were said to cause two sites - one run by ICANN and the other by The University of York to steal a user's cookies. (We plugged both addresses into version 7 of IE and only the latter appeared to work, so it's possible that ICANN has already plugged the hole.)
According to this Google search, as many as 200,000 sites were vulnerable to the attack at time of writing.
A third vulnerability could be used to steal photos designated in Google's Picasa picture organizer simply by luring a user to a malicious website. It is a highly complex exploit that marries a variety of techniques, including XSS, cross application request forgery, Flash and URI handler weakness exploitation.
A Google spokesman said the company had recently become aware of the flaw in its search appliance and would offer more details about a fix after a more thorough investigation. Google officials are unaware of the vulnerability being targeted in the wild.
The spokesman also said the company has made it more difficult to exploit the Picasa weakness by educating users about the consequences of installing new buttons to the application. The button, which can now only be installed after clicking OK on a confirmation window, must be installed for the attack to work, he said.
"Google takes security issues very seriously and will respond swiftly to fix verifiable security issues," the spokesman said. "Some of our products are complex and take time to update."
This unholy trinity of serious weaknesses is reminiscent to a week-long stretch in late May and early June in which four Google vulnerabilities were documented. Like those discovered this time, most involved XSS errors, which are often the result of trying to make multiple services scattered across a website work seamlessly.
Other sites to be bitten recently by the XSS bug include Yahoo! and TJMaxx.
While Google's security team usually score high marks for policing the site and safeguarding users from scams, the mass of vulnerabilities are a reminder that as code becomes increasingly sophisticated, even the most elite developers make mistakes that can lead to security breaches.
"It's pretty endemic of where the web applications security community is mentally," said Robert Hansen, CEO of secTheory.com, who publishes on the ha.ckers blog under the moniker of RSnake. "They're looking to make a point, which is the companies that do the most to protect themselves are probably the most vulnerable. Even spending hundreds of millions of dollars on this still has not gotten them to the point where they're secure."
__________________

__________________
Osiris is offline  
Old 09-25-2007, 01:38 PM   #2 (permalink)
Self Proclaimed Immortal
 
hmammen's Avatar
 
Join Date: Jan 2006
Location: lounge 146 (Euless TX)
Posts: 2,679
Send a message via AIM to hmammen Send a message via MSN to hmammen Send a message via Yahoo to hmammen
Default Re: Unholy trinity of flaws put Google users at risk

Its basically like phishing on myspace. Now that these idiots got bored with myspace, they move on to phish gmail. Great.
__________________

Posted from my Nexus7
hmammen is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
New Security Holes Put PC Users at Risk Osiris Viruses, Spyware and Malware 0 08-08-2007 11:09 AM


Our Communities

Our communities encompass many different hobbies and interests, but each one is built on friendly, intelligent membership.

» More about our Communities

Automotive Communities

Our Automotive communities encompass many different makes and models. From U.S. domestics to European Saloons.

» More about our Automotive Communities

Marine Communities

Our Marine websites focus on Cruising and Sailing Vessels, including forums and the largest cruising Wiki project on the web today.

» More about our Marine Communities


Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 02:08 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.