Google flaw adds phishing hole to Web sites

A security flaw in Google's search appliances could expose Web sites that use the products to information-stealing phishing attacks, experts warned Monday. The Google Search Appliance and Google Mini are used by organizations including banks and universities to add search features to Web sites. A flaw in the way the systems handle certain characters makes it possible to craft a Web link that looks like it points to a trusted site, but when clicked serves up content from a third, potentially malicious site.

"This vulnerability affects a lot of very large Web sites," John Herron, a security expert who maintains the NIST.org site, said in an e-mail. "It basically allows a virtual defacement of a Web site when following a malicious link."

View: Full Story @ Reuters

Previous Story
Nintendo Wii Sells 600,000 In Eight Days In North America
Next Story
Symantec Vista security advances despite Patchguard