Thursday, August 7, 2008
Google is more interested in tracking traffic than it is in web and email security, analysts have suggested.
Information Week has reported that researchers giving a speech at the Black Hat security conference have asserted that the search giant has been unresponsive to demands to fix web security vulnerabilities.
Network security researcher Robert Hansen insisted that a full fix for a phishing scam exploit identified four years ago still has not been implemented, although other vulnerable sites Visa and DoubleClick patched the hole within hours or days.
Information Week noted that Google has declined to comment on the failure to fix the bug since it was confronted about the problem two weeks ago.
In the presentation, he explained that the phishing scam exploited a vulnerability in Google gadgets that allows malicious code to be inserted into web applications.
"We alerted them to it and they decided not to fix it and now we're just demonstrating what we found," Hansen explained in an earlier Information Week article.
Related News:
Cybercrime is a geopolitical issue - 11.14.2008
As cybercrime has become ever more lucrative, hacking has taken on a geopolitical dimension, SC Magazine has claimed.
Phishing scams an added burden on Wall St - 11.7.2008
Working group launches phishing scam guidance - 11.4.2008
The Anti-Phishing Working Group (APWG) has issued new guidance for domain registrars which aims to help them identify websites used to launch phishing scams.
Sarkozy smells a phish - 10.21.2008
French president Nicolas Sarkozy has derided the state of email security after being caught out by a phishing scam.
The year's biggest email security scams - 10.21.2008
The launch of phishing scams purporting to originate from hurricane recovery charities is one of the biggest email security stories of the year so far.
