Froogle security hole reveals gmail accounts of the buyers,

Google

New security flaw in Google’s price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user’s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user’s cookie, which contains personal information, such as purchase history, user name and password for Google services.

According to Nir Goldshlager, who discovered the flaw, even if the user chooses not to save the cookie, the hacker can still discover the user’s user name and password for other google services such as Google Alerts ,Google Group because google stores a unique number per user that identifies the user is other google services, and the hacker will be able to read this identification number.

Report was originally translated by aviransplace.com from hebrew,

Original report of the flaw in english format is here,

www.aviransplace.com/index.php/archives/2005/01/13/serious-flaw-in-froogle-reveals-gmail-accounts/

No Comments

No comments yet.

Leave a comment

 
SEO
Link Building
Our Company
Web Design

Blog Rolls
Services
Articles
100 Web Tools
Sitemap


Search Engine Optimization SEO Company | Privacy Policy | Term of Service | Copyright

Search Engine Genie is an Ethical Search Engine Optimization Company Specializing in Search Engine Marketing, Search Engine Promotion and Search Engine Ranking Services.

Request a Free SEO Quote