Exploit working again for some?

I seem to be getting what appears to be successful google exploits coming in again, I don’t know if this is because of proxy caches, or some google boxes haven’t been patched, or just because the logs are making other requests look like google ones. But a reasonably steady request for the javascript files with google referrers. and then subsequent hits to the steal uri just like the pattern when it was working for me are coming in.

Still appears patched for me though - Netcraft however say they’ve found another though, not surprising, but lets hope google are little faster at fixing it this time - Turns out my 2 years was actually an undersestimate, in May 2002 I posted it to usenet, and that was months after I’d let google know.


  1. Wayne Bienek Says:

    See.. it’s not only Microsoft with security problems! :) I guarantee every system has security problems, and the bigger your are, the more (professional level, like Jim) people will find the exploits and holes. Whats disturbing is that Google must have thought that their ’stuff’ doesn’t stink as they didn’t have any way to contact them about issues like this (no email and phone) to address security issues.. Whats AMAZING is that they could come up with a desktop search that integrates with the web and think it DOESN’T have the possibility of an exploit!

  2. Jeff Heesen Says:

    On the 21th I got an e-mail from another Citibank phishing scam exploiting Google’s URL parshing this time it seems. At first I contacted Microsoft about this because I thought it was a Microsoft issue but not anymore! They forwarded it to Google. After reading the C|Net news on http://news.com.com/Google+fixes+security+hole/2100-1038_3-5420211.html I am not convinced.

  3. Jeff Heesen Says:

    I don’t normally post my e-mail, but in this case I am if you want to contact me for the details. The Citibank phishing scam URL is http://www.google.com/url?q=http://www.google.com/url?q=http://www.google.com/url?q=%%%3348%%374%%374%%370%%3%33A%%32f%%32Fsojsrew3e.com*21806.%%%3344%%%3341%%%332e%%3%352%%%3375%%3%32f%%%333Fxee53g7j7i1z2q3a1×13pftrCcPgG4×92c but as of today it seems one of those strange servers it contacts it’s finnaly refusing a connection. Maybe someone is actually doing something about it?