Drošības speciālisti ir pieķērušies Googlei

Šobrīd vairs nav miera nevienam un nepaliek nepamanīts praktiski neviens produkts vai serviss, it īpaši, ja tas ir ļoti populārs. Drošības speciālisti ir pabakstījuši Googles servisus un atraduši tur pāris vājās vietas. Vienu tādu nepilnību Googles speciālisti novērsa, bet drošības eksperti uzskata, ka var būt vēl šis tas nesalāpīts.

The Google hole is an example of a common security problem affecting Web sites that dynamically generate Web pages based on input from unknown sources, such as Web surfers, according to a vulnerability note written in 2000 by the Computer Emergency Readiness Team at Carnegie Mellon University in Pittsburgh. (See: http://www.cert.org/advisories/CA-2000-02.html.)

Google developers appear to have missed that four-year-old warning and the company did not respond to repeated e-mails sent to an address for reporting security holes, Ley said.

In patching it, Google developers changed their code to prevent javascript and vbscript, but may have left open other avenues of attack, Ley wrote in an e-mail.

5 komentāri par “Drošības speciālisti ir pieķērušies Googlei

Ieraksti komentāru

Tava e-pasta adrese netiks publicēta.