Phishing may have hit Google users
Indo-Asian News Service
New York, October 22
Internet search giant Google's aficionados may just have lost some vital information that could hurt their wallet!
Hackers exploiting a flaw in Google's desktop search tool launched a week back could have illegally obtained critical data of users like credit card information, said a highly rated Internet security watchdog, securityfocus.com.
The flaw -- which Google finally plugged on Wednesday -- might have made vulnerable the highly trusted search engine's Google Desktop to phishing -- the Internet fraud of using spoofed-up emails and web pages to persuade users to part with critical information.
The website, antiphishing.org, which keeps a watch over phishing scams, said fraudsters succeeded in convincing about five per cent of their targets in parting with critical data.
Considering the billions of page views that Google receives daily worldwide, the exposure could have been enormous, experts believe.
Users accessing the search website using Microsoft's Internet Explorer were particularly vulnerable, according to Jim Ley, the Internet security expert who exposed the hole in the search engine's security.
Internet Explorer runs on about 75 per cent of all personal computers worldwide.
Ley's antiphishing warning had said Google's search tool failed to prevent hackers from inserting a programming code - JavaScript -- into a web address allowing a third party to change the Google's web page to ask for personal data such as credit card numbers from its visitors.
Ley's website jibbering.com claimed Google technicians contacted him to point out that they had plugged the hole on Wednesday.
Ley said Google's script-insertion flaw, which he said affected Google's main site for as long as two years, became aggravated after the launch of its desktop search tool because it placed the results of a desktop search into the output of a regular Google search.
He said the flaw could have allowed third parties to make a record of all the searches people made.
http://www.hindustantimes.com/news/181_1070459,0003.htm
Indo-Asian News Service
New York, October 22
Internet search giant Google's aficionados may just have lost some vital information that could hurt their wallet!
Hackers exploiting a flaw in Google's desktop search tool launched a week back could have illegally obtained critical data of users like credit card information, said a highly rated Internet security watchdog, securityfocus.com.
The flaw -- which Google finally plugged on Wednesday -- might have made vulnerable the highly trusted search engine's Google Desktop to phishing -- the Internet fraud of using spoofed-up emails and web pages to persuade users to part with critical information.
The website, antiphishing.org, which keeps a watch over phishing scams, said fraudsters succeeded in convincing about five per cent of their targets in parting with critical data.
Considering the billions of page views that Google receives daily worldwide, the exposure could have been enormous, experts believe.
Users accessing the search website using Microsoft's Internet Explorer were particularly vulnerable, according to Jim Ley, the Internet security expert who exposed the hole in the search engine's security.
Internet Explorer runs on about 75 per cent of all personal computers worldwide.
Ley's antiphishing warning had said Google's search tool failed to prevent hackers from inserting a programming code - JavaScript -- into a web address allowing a third party to change the Google's web page to ask for personal data such as credit card numbers from its visitors.
Ley's website jibbering.com claimed Google technicians contacted him to point out that they had plugged the hole on Wednesday.
Ley said Google's script-insertion flaw, which he said affected Google's main site for as long as two years, became aggravated after the launch of its desktop search tool because it placed the results of a desktop search into the output of a regular Google search.
He said the flaw could have allowed third parties to make a record of all the searches people made.
http://www.hindustantimes.com/news/181_1070459,0003.htm
