Google fixes flaw before publicized
Results 1 to 6 of 6

Thread: Google fixes flaw before publicized

  1. #1
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912

    Google fixes flaw before publicized

    I think MS should look at how things go with google ... and learn how to fix things ....

    Google Inc. fixed a security vulnerability on its search-engine Web site within days of being notified by security vendor Finjan Software Inc., Finjan said yesterday.
    Finjan's Malicious Code Research Center notified Google of a cross-site scripting vulnerability in September, according to San Jose-based Finjan. Google fixed the problem within "a few days," said a Finjan spokeswoman.

    A Google spokesman wasn't immediately available for comment yesterday.

    The vulnerability could have allowed a remote attack to take over Google accounts or to fake Google's content and deceive computer users into going to a bogus site and giving up personal information, Limor Elbaz, Finjan's vice president of business development and strategy, said in a press release.

    Two Google.com sub-sites contained forms that did not validate and filter input. Because of the lack of data validation and filtering, the vulnerability could have allowed an attacker to inject content and scripts and steal Google.com users' cookies. When users were logged on, an attacker could then gain access to Google services such as account information, saved searches, Google alerts and the user's Google Groups identity, Finjan said.

    Source
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Well Id say its a little harder to patch software and get it sent out to billions of people than it is to fix your own website.Not to say M$ does a good job I just think your comparing oranges to apples.
    That which does not kill me makes me stronger -- Friedrich Nietzche

  3. #3
    Member
    Join Date
    Dec 2004
    Posts
    48
    Why Microsoft DOESN'T have to learn: Google, being the new 600lb gorilla in the forest, has to compete to stay viable. Microsoft has a virtual monopoly over home and business desktop environments. When you have a monopoly, you don't have to service the customers....you OWN the customers.

    The climate is changing, though. Hopefully Vista will bomb and more open source initiatives will take a foothold.
    Blankety Blank Blank Blank!

  4. #4
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Originally posted here by S3cur|ty4ng31
    Well Id say its a little harder to patch software and get it sent out to billions of people than it is to fix your own website.Not to say M$ does a good job I just think your comparing oranges to apples.
    Heh, I meant the prompet responce not the deployment of the fix ....
    Even for a website, MS has a flow in thier update website {Genuine Validation}, Why they did not fix it yet? Is it solely lazyness .... man, this is what I mean!

    Cheers
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Hmmm ... Just updated my laptop's WinXP OS on the MS web site (using the Genuine Validation). No problem.

    System rebooted. No problem.

    BC, I agree with SecurityAngel, you're comparing apples to oranges.

    Fixing some cross-site scripting issues in some forms is not the same as finding an obscure overflow condition somewhere in billions of lines of code, fixing it and then getting it out to all of us users.

    Beats the heck outta running a Solaris8 kernel patch (three hours downtime, here).

  6. #6
    Senior Member
    Join Date
    Sep 2005
    Posts
    221
    Originally posted here by Black Cluster
    Heh, I meant the prompet responce not the deployment of the fix ....
    Even for a website, MS has a flow in thier update website {Genuine Validation}, Why they did not fix it yet? Is it solely lazyness .... man, this is what I mean!

    Cheers

    "Pull down your pants and bend over, I'm going to service the account."
    Definitions: Hacker vs. Cracker
    Gentoo Linux user, which probably says a lot about me..
    AGA member 14460 || KGS : Trevoke and games archived

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides