Debate Over Google Buzz’s Security Subsides
The debate on the privacy configurations of Google Buzz is subsiding as Google has introduced a number of changes to the service. These alterations have been done following complaints received from end-users that Buzz potentially exposed confidential data via automatic publication of their nearest acquaintances' addresses.
Meanwhile, the social media environment Google Buzz with which users can exchange videos, photos and updates with friends found was released during the second week of February 2010.
Hansen said that the flaw was extremely common and that according to some specialists, a huge 80% of active Internet sites had this flaw.
He emphasized that an XSS flaw on Google.com, a site that was widely trusted could lead to drastic consequences if exploited. According to him, an attacker was capable of taking advantage of the vulnerability and launching phishing attacks by getting users to visit an illegitimate webpage, which resembled the login page of Google. Alternatively, the attacker could deceptively get users to load malicious software after making it appear as a Google application update.
The security expert said that the con artists could maliciously use their imagination to imitate everything Google did, and that was sadly immense stuff.
More information discloses that the XSS exploit has been in existence for nearly a decade. Yet it's currently a popular mode for infiltrating into a Web program. Cross-site scripting is the severest software flaw capable of resulting in serious vulnerabilities, suggests the Common Weakness Enumeration or SANS Top 25 List which a non-profit syndicate for public interest, MITRE issued on February 16, 2010.
However, Google, following a successful patch release for the flaw stated that the company comprehended how critical it was to keep its users secure, hence it was committed to enhancing Google Buzz's security even further, reported cnet news on February 17, 2010.
Related article: Deputy Registrar, GCE Condemns Publishing of Results Online
» SPAMfighter News - 27-02-2010