Exploit working again for some?

I seem to be getting what appear to be successful Google exploits coming in again. I don’t know if this is because of proxy caches, or some Google boxes haven’t been patched, or just because the logs are making other requests look like Google ones. But a reasonably steady request for the JavaScript files with Google referrers, and then subsequent hits to the steal URI just like the pattern when it was working for me, are coming in.

Still appears patched for me though. Netcraft, however, say they’ve found another; not surprising, but let’s hope Google are a little faster at fixing it this time. Turns out my 2 years was actually an underestimate: in May 2002 I posted it to Usenet, and that was months after I’d let Google know.

6 Responses to “Exploit working again for some?”

  1. Wayne Bienek Says:

    See.. it’s not only Microsoft with security problems! :) I guarantee every system has security problems, and the bigger you are, the more (professional level, like Jim) people will find the exploits and holes. What’s disturbing is that Google must have thought that their ‘stuff’ doesn’t stink, as they didn’t have any way to contact them about issues like this (no email and phone) to address security issues.. What’s AMAZING is that they could come up with a desktop search that integrates with the web and think it DOESN’T have the possibility of an exploit!

  2. Jeff Heesen Says:

    On the 21st I got an e-mail from another Citibank phishing scam, exploiting Google’s URL parsing this time it seems. At first I contacted Microsoft about this because I thought it was a Microsoft issue, but not anymore! They forwarded it to Google. After reading the C|Net news on http://news.com.com/Google+fixes+security+hole/2100-1038_3-5420211.html I am not convinced.

  3. Jeff Heesen Says:

    I don’t normally post my e-mail, but in this case I am, if you want to contact me for the details. The Citibank phishing scam URL is http://www.google.com/url?q=http://www.google.com/url?q=http://www.google.com/url?q=%%%3348%%374%%374%%370%%3%33A%%32f%%32Fsojsrew3e.com*21806.%%%3344%%%3341%%%332e%%3%352%%%3375%%3%32f%%%333Fxee53g7j7i1z2q3a1×13pftrCcPgG4×92c but as of today it seems one of those strange servers it contacts is finally refusing a connection. Maybe someone is actually doing something about it?

  4. Jeff Heesen Says:

    Well I thought I posted my e-mail, but hey not all blogs are perfect. :)

  5. Jeff Heesen Says:

    Never mind, spoke too soon. It’s working again.

  6. Jim Ley Says:

    The Citibank problem is a slightly different one. Google has some code so that when you type a URL into the Google toolbar it redirects you to that page - but to do this it needs to go via Google; the Citibank phishers are using this code to make the link to the phishing site go through Google - it’s not an actual flaw in Google’s site. It is perhaps a bad idea for Google to offer the service at all; as you say, it can aid phishers - Google’s very high trust means things which other people can get away with, Google should probably think twice about - Google could fix this one by having the Google toolbar itself detect that a URL had been entered and redirect directly.

    Oh, and the email was stored, it just doesn’t get displayed anywhere.
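Added example, not part of the original post or its comments: a mail or proxy filter can resolve links like the one quoted in comment 3 offline, by unwrapping nested redirector parameters and percent-decoding the target until it stops changing, then judging the link by its final host instead of the trusted one in front. The function names and the sample URL (on the reserved `example.test` domain) are constructed for illustration; the redirector host, path and parameter are taken from the URL quoted above.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: redirector host/path/parameter as they appear in the quoted URL.
REDIRECTORS = {("www.google.com", "/url"): "q"}

# Constructed sample: two nested redirects, target hidden behind layered escapes.
SAMPLE = ("http://www.google.com/url?q=http://www.google.com/url?q="
          "%%%3368ttp%%33A%%32F%%32Fphish.example.test%2Flogin")


def fully_unquote(text, max_rounds=10):
    """Percent-decode until the string stops changing.

    Layered escapes such as "%%%3368" need several passes:
    "%%%3368" -> "%%368" -> "%68" -> "h".
    """
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def unwrap(url, max_hops=10):
    """Follow known redirector parameters without any network access.

    Returns (final_url, hops), where hops counts the redirector layers removed.
    """
    hops = 0
    while hops < max_hops:
        parts = urlsplit(url)
        key = ((parts.hostname or "").lower(), parts.path)
        param = REDIRECTORS.get(key)
        if param is None:
            break  # not a known redirector: this is the real destination
        targets = [v for k, v in parse_qsl(parts.query) if k == param]
        if not targets:
            break
        url = fully_unquote(targets[0])
        hops += 1
    return url, hops


def final_host(url):
    """Host a filter should evaluate instead of the redirector's own host."""
    final, hops = unwrap(url)
    return (urlsplit(final).hostname or "").lower(), hops


if __name__ == "__main__":
    print(unwrap(SAMPLE))
```
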
