Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Debate Over Google Buzz’s Security Subsides

The debate on the privacy configurations of Google Buzz is subsiding as Google has introduced a number of changes to the service. These alterations have been done following complaints received from end-users that Buzz potentially exposed confidential data via automatic publication of their nearest acquaintances' addresses.

Meanwhile, the social media environment Google Buzz with which users can exchange videos, photos and updates with friends found was released during the second week of February 2010.

CEO Robert Hansen of security consultancy firm SecTheory first reported the problem. He stated that the Buzz service website of Google suffered on account of an ordinary web-programming flaw called XSS (cross-site scripting). The flaw could let a hacker introduce harmful JavaScript into Google.com, the CEO explained. SCMagazineUS.com published this on February 17, 2010.

Hansen said that the flaw was extremely common and that according to some specialists, a huge 80% of active Internet sites had this flaw.

He emphasized that an XSS flaw on Google.com, a site that was widely trusted could lead to drastic consequences if exploited. According to him, an attacker was capable of taking advantage of the vulnerability and launching phishing attacks by getting users to visit an illegitimate webpage, which resembled the login page of Google. Alternatively, the attacker could deceptively get users to load malicious software after making it appear as a Google application update.

The security expert said that the con artists could maliciously use their imagination to imitate everything Google did, and that was sadly immense stuff.

More information discloses that the XSS exploit has been in existence for nearly a decade. Yet it's currently a popular mode for infiltrating into a Web program. Cross-site scripting is the severest software flaw capable of resulting in serious vulnerabilities, suggests the Common Weakness Enumeration or SANS Top 25 List which a non-profit syndicate for public interest, MITRE issued on February 16, 2010.

However, Google, following a successful patch release for the flaw stated that the company comprehended how critical it was to keep its users secure, hence it was committed to enhancing Google Buzz's security even further, reported cnet news on February 17, 2010.

Related article: Deputy Registrar, GCE Condemns Publishing of Results Online

» SPAMfighter News - 2/27/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page