Universal XSS Vulnerability in Google
It does worry me when Google services get hacked with a Cross Site Scripting vulnerability that compromises just about everything.
Inferno released an advisory on Bugtraq stating that he had discovered a method of exploiting Google services to do the following (to name a few):
1. Steal your emails.
2. Steal your contacts.
3. Steal your documents.
4. Steal your code.
5. Steal your sites.
6. Steal your website analytics.
7. Backdoor your iGoogle Homepage with malicious gadgets.
With Twitter’s recent Cross Site Scripting worm and now Google’s universal vulnerability, I think it’s time to re-think your client-side security controls if you haven’t already.
If you haven’t already looked at something like NoScript for protection against these attacks, I’d highly recommend it. It may not provide you with complete peace of mind, but at least you know you have an extra layer of security against pesky and basic XSS attacks!