According to experts, security flaw in Google search engines would expose Web site, which is using the products to information-stealing phishing attacks.
Organizations like banks and universities are using the Google Search Appliance and Google Mini for adding search features on Web sites. The systems handle certain characters in a flaw, which makes it possible to craft a Web link and looks like it points to a trusted site, but when clicked serves up content from a third, potentially malicious site. The vulnerability affects will provide cybercrooks a hook for phishing attacks, scams, and try to trick people into giving up sensitive information like credit card data and Social Security numbers. The phishing scams usually use spam e-mail with a link to a fraudulent Web site.
According to company spokesperson, Google found the problem few days back only, and the company has notified all customers and provided all instructions to project their appliances.
According to Jeremiah Grossman, chief technology officer at WhiteHat Security, the cross-site scripting problem involves the 7-bit Unicode Transformation Format (UTF) character encoding, which is specialised in Web Application.
Via: ZD Net Asia
