Twitter and Google Calendar Found Vulnerable to XSS Attacks

A security researcher has detected security flaws in Google Calendar as well as Twitter that can put users' security at stake. The cross-site scripting (XSS) vulnerability can be easily exploited if a user inserts harmful code into the calendar's "Quick Add" event field.

According to Nir Goldshlageer, Penetration Testing Expert at Avnet Technologies, the HTML code injection issue can take a user to a malicious website any time he views his Google Calendar events, as per the news published by HACKER The Dude on January 1, 2010.

Goldshlageer claimed that when the victim inserts this harmful code, his session ID and cookies will be stolen and forwarded to the attacker's website. He also added that this will enable the attacker to completely take over the victim's Google accounts, including Google Groups, Google Calendar, iGoogle, etc.

The proof of concept released by researcher Nir Goldshlageer showed XSS vulnerabilities in Twitter and Google Calendar.

Twitter released a fix for the flaw on December 30, 2009, as per the reports.

On the other hand, a spokesperson for Google claimed that they do not think the report shows evidence of a considerable security issue, as per the news published by eWEEK on January 2, 2010.

He further said that trying to dupe someone into pasting unknown, untrusted code into the text field of a Google Calendar is in no way a likely attack vector and is not being seen abused. But they will review the input validation processes in Google Calendar text fields to help prevent any misuse of this functionality before an event is sanitized.

Goldshlageer also showed that the HTML code injection flaw can be used to sign a user out of his own Google account; something the Google spokesperson claimed to be insignificant from a security standpoint and which can simply be prevented by not following the link.

Ultimately, the researcher said that they should repair this at once, as a hacker can take an attacked user to any website he wishes and can steal the victim's session IDs and cookies, as per the news published by BROADBAND DSLreports.com on January 2, 2009.

Related article: Twitter Flaw Compels Victims to Follow Hacker’s Account

» SPAMfighter News - 12-01-2010

 
