lunes, 22 de enero de 2018

Ficha del recurso:


Vínculo original en Infoworld (developer-world)
Robert McMillan | IDG News Service

Fecha de publicación:

miércoles, 17 de febrero de 2010

Última actualización:

viernes, 19 de febrero de 2010

Entrada en el observatorio:

viernes, 19 de febrero de 2010



Archivado en:

Google fixes Buzz bug

The cross-site scripting flaw was fixed within hours on Tuesday

Google has fixed a Web flaw that gave hackers a way to take control of Google Buzz accounts. The flaw was patched late Tuesday, just hours after being disclosed on a Web-hacking blog run by Robert Hansen, CEO of SecTheory.

The bug lay in the domain used by Google Buzz for mobile and could have been exploited by hackers to manipulate other people's Google Buzz accounts. This type of flaw, known as a cross-site scripting error, is common but it can have nasty consequences on widely used sites such as Google. In addition to taking control of Buzz accounts, scammers could have leveraged the flaw to create hard-to-detect phishing pages that used the Web domain.

In a Wednesday e-mail message confirming that the bug had been patched, Google spokesman Jay Nancarrow said that the company has "no indication that the vulnerability was actively abused."

Launched just last week, Google Buzz has had a rough rollout. Over the weekend, Google was forced to make changes to the service after users complained that it exposed potentially private information by automatically publishing lists of users' closest Gmail contacts.