Google’s Security Hole that allowed account hijacking is now fixed
Google Blogscoped recently discovered a security hole in Google that allowed a malicious hacker to get into your Google services. Google fixed the hole within three and a half hours of it being reported. Now they're providing more details of the security hole.
The problem:
In summary, I was able to create a page that was hosted on a google.com domain, which is something that should never be allowed to happen. Because of this vulnerability, I was then able to use a simple bit of code to steal someone else’s Google cookie and access their Google services.
List of affected Google services:
Services that were accessible using this technique included: Google Alerts, Google Analytics, Google Base, Google Bookmarks, Google Code, Google Co-op, Google Docs and Spreadsheets, Google Finance, Froogle Shopping List, Google Image Labeler, Google in Your Language, Google Groups, Local Business Center, Google Maps (Saved Locations), Google Notebook, Personalized Homepage, Personalized Search (Search History), Google Reader, 3D Warehouse (SketchUp), Google Video and Google Webmaster Tools.
Scary, isn't it?
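Why a page hosted on a google.com host matters for cookies, shown as an added example that is not code from Blogscoped or Google: a cookie scoped to the whole domain is readable by script on any host under it, while HttpOnly or host-only cookies are not. The cookie names, the `userpages.google.com` host and the cookie attributes are assumptions made for illustration; the page does not state them.

```javascript
// Added illustration: which cookies can script on a given page read?
// Uses the domain-match rule of RFC 6265 section 5.1.3, simplified:
// Path and Secure checks and IP-address hosts are not handled.

// True when `host` domain-matches the cookie's Domain attribute value.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  return h === d || h.endsWith("." + d);
}

// cookie: { name, domain, setBy, httpOnly }
// domain === null means a host-only cookie, returned only to the host that set it.
function scriptReadable(cookie, pageHost) {
  if (cookie.httpOnly) return false; // never exposed through document.cookie
  if (cookie.domain === null) {
    return pageHost.toLowerCase() === cookie.setBy.toLowerCase();
  }
  return domainMatch(pageHost, cookie.domain);
}

// Names of the cookies that script running on `pageHost` could read.
function readableNames(cookies, pageHost) {
  return cookies.filter((c) => scriptReadable(c, pageHost)).map((c) => c.name);
}

// Constructed sample data; cookie names and hosts are hypothetical.
const jar = [
  { name: "session_wide", domain: "google.com", setBy: "www.google.com", httpOnly: false },
  { name: "session_http_only", domain: "google.com", setBy: "www.google.com", httpOnly: true },
  { name: "session_host_only", domain: null, setBy: "www.google.com", httpOnly: false },
];

// A page on any google.com host sees the domain-wide cookie;
// a look-alike host outside the domain sees nothing.
for (const host of ["userpages.google.com", "www.google.com", "google.com.example.net"]) {
  console.log(host, "->", readableNames(jar, host));
}
```

Only the domain-wide, script-readable cookie is exposed to the hypothetical user-content host, which is why such cookies are normally marked HttpOnly and user-supplied pages are served from a separate domain.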



on January 16th, 2007 at 11:14 am
[…] Just as Google plugged latest security hole, another one is discovered that allows a malicious hacker to steal your cookie data. […]