Vulnerability Found in Google’s Blogger
Google's Blogger, a publishing and hosting service that initiated the blogging craze among people, has been attacked with a bug creating problems in several of its publishing features, including posting, time stamping, editing and auto save, as reported by ComputerWorld on September 22, 2008.
Since early September 18, 2008, publishers had been posting complaints on the Blogger discussion forum, and a Google official finally admitted that a problem had indeed occurred in the afternoon of September 19, 2008.
As per the reports, a lot of medium-level spam mails are making their way into users' inboxes as spam filters strive to differentiate genuine URLs from spam Websites.
Further, a lot of messages took users to a Google Blogger site that was a spam, malware or phishing site. The breakdown of mail also changed a little from the 7-day patterns, as spam occupied a bigger portion. Also, the inaccessible connections dropped from the highest level to 85.7% and spam amount increased to 13.7%.
Besides, blog sites like Google blogspot are now popularly used to post malicious content, and sites for social networking like MySpace, YouTube and Facebook have been tainted with postings of malware as well.
As per the reports, Blogger in early 2008 was detected as a favorite target for hackers and scammers who abuse the blog-publishing utility to create blogs for distributing malware. This made Google the fifth largest malware-tainted network globally in May 2008. Soon in June 2008, a Blogger flaw created problems for publishers who use 'File Transfer Protocol' to post material on their blogs.
Additionally, in August 2008, another flaw caused Blogger to display error messages in place of blog main pages. Apart from this, several days earlier, Google inadvertently declared some legitimate Websites as blogs from spam, making the company work hard towards unlocking them. Furthermore, during the first six months of 2008, spammers built tools for overcoming the CAPTCHA security mechanism that prevents automatic Web posting of material. Another upsetting trend happening relates to the public disclosure of attack codes pertaining to vulnerable software, far more often than it had been previously.
Related article: Vulnerabilities in Web Applications Invite Hackers’ Activities
» SPAMfighter News - 26-09-2008