IDG News Service - Google has fixed a Web flaw that gave hackers a way to take control of Google Buzz accounts.
The flaw was patched late Tuesday, just hours after being disclosed on a Web-hacking blog run by Robert Hansen, CEO of SecTheory.
The bug lay in the m.google.com domain used by Google Buzz for mobile, and could have been exploited by hackers to manipulate other people's Google Buzz accounts. This type of flaw, known as a cross-site scripting error, is common, but it can have nasty consequences on widely used sites such as Google. In addition to taking control of Buzz accounts, scammers could have leveraged the flaw to create hard-to-detect phishing pages that used the Google.com Web domain.
In a Wednesday e-mail message confirming that the bug had been patched, Google spokesman Jay Nancarrow said that the company has "no indication that the vulnerability was actively abused."
Launched just last week, Google Buzz has had a rough rollout. Over the weekend, Google was forced to make changes to the service after users complained that it exposed potentially private information by automatically publishing lists of users' closest Gmail contacts.
- Lawmakers want FTC probe of Google Buzz
- Mike Elgan: How Buzz, Facebook and Twitter create 'social insecurity'
- Google slapped with class-action lawsuit over Buzz
- Google fixes Buzz bug
- After outcry, Google revamps Buzz networking application
- Mike Elgan: How Google Buzz for mobile will change your life
- Google tweaks Buzz to address privacy concerns
- Image gallery: The full buzz on Google Buzz
- Review: The full buzz on Google Buzz
- Google feeds mobile social craze with a little Buzz
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!