
Toolbar Flaw Found in Google! - 2007-12-20

Google is working to fix a bug in the Google Toolbar that could allow criminals to steal data or install malicious software on a system, a security researcher warned Tuesday.

The flaw lies in the mechanism Google Toolbar uses to add new buttons on the browser.

Because the toolbar does not perform adequate checks when new buttons are being installed, a hacker could make his button appear as though it was being downloaded from a legitimate site when in fact it came from somewhere else.

By spoofing the origin of the toolbar button, an attacker could download malicious files or launch a phishing attack against the victim, wrote security researcher Aviv Raff in a blog post on the issue.

Raff has posted proof-of-concept code showing how such an attack would work with the Internet Explorer browser. A Google spokeswoman confirmed Tuesday that the company is working to fix the problem.

The attack requires many steps. First, the victim would have to be tricked into clicking on a Web link that would then pop up a window asking the user if he wants to install a custom button on his toolbar. Because of the flaw, this alert could look like it was downloading the button from a legitimate site such as Google.com, even if it were not. Once the button was installed on the toolbar, the victim would then have to click on it, and finally agree to download and run an executable file for the malicious software to be installed.

Because the user would have to go through so many steps in order to fall victim to the attack, the bug isn't a critical one, said Marc Maiffret, an independent security researcher. "While it is interesting, it's probably a low threat compared to other flaws out there," he said via instant message.

Still, it was sloppy work on Google's part to miss such a simple attack, he said. "They should definitely assess how it slipped through the cracks," he said.

This is not the first obvious Google flaw that Raff has found. Last month, he showed how a simple Web programming error on the Google.com Web site could allow attackers to launch what's known as a cross-site scripting attack.

Because Google's programmers didn't properly check the HTML generated by the Google search engine, Raff was able to create a specially crafted Google link that, when clicked by the victim, would trick the browser into running unauthorized scripting code.