IDG News Service - Google has fixed a Web flaw that gave hackers a way to take control of Google Buzz accounts.
The flaw was patched late Tuesday, just hours after being disclosed on a Web-hacking blog run by Robert Hansen, CEO of SecTheory.
The bug lay in the m.google.com domain used by Google Buzz for mobile, and could have been exploited by hackers to manipulate other people's Google Buzz accounts. This type of flaw, known as a cross-site scripting error, is common, but it can have nasty consequences on widely used sites such as Google. In addition to taking control of Buzz accounts, scammers could have leveraged the flaw to create hard-to-detect phishing pages that used the Google.com Web domain.
In a Wednesday e-mail message confirming that the bug had been patched, Google spokesman Jay Nancarrow said that the company has "no indication that the vulnerability was actively abused."
Launched just last week, Google Buzz has had a rough rollout. Over the weekend, Google was forced to make changes to the service after users complained that it exposed potentially private information by automatically publishing lists of users' closest Gmail contacts.
- Lawmakers want FTC probe of Google Buzz
- Mike Elgan: How Buzz, Facebook and Twitter create 'social insecurity'
- Google slapped with class-action lawsuit over Buzz
- Google fixes Buzz bug
- After outcry, Google revamps Buzz networking application
- Mike Elgan: How Google Buzz for mobile will change your life
- Google tweaks Buzz to address privacy concerns
- Image gallery: The full buzz on Google Buzz
- Review: The full buzz on Google Buzz
- Google feeds mobile social craze with a little Buzz
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!