• On The Insider: Judge Bans Real Housewives Sex Tape

October 20, 2004 6:30 PM PDT

Google fixes security hole

By Stefanie Olsen
Staff Writer, CNET News

  • 2 comments
Related Stories

Major browsers bitten by security bugs

 October 20, 2004

Will Google say hello to IM?

 October 15, 2004
Google on Thursday fixed a security flaw in its Web search service that could have allowed malicious hackers to modify its pages.

According to a report posted to the Bugtraq Security Focus list on Wednesday, Google's new Desktop Search tool did not prevent a hacker from inserting JavaScript, a programming language, into the Web address of its page image, or logo. That vulnerability could have allowed any rogue third party to change the appearance of Google's Web page to ask for personal data such as credit card numbers from its visitors, what's known as a phishing scam, according to the warning.

Mountain View, Calif.-based Google said it has fixed the problem.

"Google was recently alerted to a potential security vulnerability affecting users of our Web site," a company representative said. "We have since fixed this vulnerability, and all current and future Google.com users are protected."

The warning came only a week after Google released its newest Web search product--a tool to search the files on a PC alongside Web pages. Security experts have scrutinized the technology, with some interesting finds. Last week, security consultant Richard Smith found clues that could point to a coming instant chat client from the search giant.

Jim Ley, who runs a Web log, posted the warning about Google's script-insertion flaw, which he said has affected Google's main site for as long as two years. But with the addition of Google Desktop, the flaw became more serious, he said, because "it places the results of a desktop search into the output of a regular Google search." He said that the flaw could have allowed third parties to make a record of all the searches people make.

The flaw primarily had affected people using Microsoft's Internet Explorer Web browser, Ley said.

See more CNET content tagged:
Google Inc., desktop search, flaw, hacker, Internet search

Add a Comment (Log in or register)
Programming Language?
by drajenic October 21, 2004 1:01 PM PDT
Im not exactly sure JavaScript can be called a "Programming Language" but thats just my take. Good of google to fix the issue fast, I actually downloaded that program to see what its like, but honestly I know where my files are and dont need to search for things on my own hard drive. I'm more interested in the IM client thats supposed to be coming out.
Reply to this comment
Why
by volterwd October 23, 2004 10:22 PM PDT
would i need to search my own HD anyways? dont people organize the files on their computer?
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Google (0.98%) 4.01 414.40
Dow Jones Industrials (-0.45%) -36.65 8,146.52
S&P 500 (-0.40%) -3.55 879.13
NASDAQ (0.20%) 3.48 1,756.03
CNET TECH (0.23%) 2.92 1,262.58
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET