
December 19th, 2007

Notebook: Google Toolbar flaw; Gmail issues; Microsoft assessment tool

Posted by Larry Dignan @ 4:19 am

Categories: Google, Hackers, Microsoft, Uncategorized, Vulnerability research

Tags: Google Toolbar, Google Inc., Google Gmail, Notebook, Vulnerability, Toolbar, Cenzic Inc., Microsoft Corp., Tool, Flaw

A roundup of a few security odds and ends over the last two days.

Unpatched Google Toolbar flaw presents an ID theft risk.


Ryan Naraine at eWeek writes:

A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.

Microsoft ships security assessment tool

Matt Hines at InfoWorld reports that Microsoft has delivered a new version of its Microsoft Security Assessment Tool.

Hines notes:

The latest iteration of MSAT promises expanded tests for assessing security threats, updated best practices, and an all new Infrastructure Optimization Security Assessment feature.

The free tool is now available for download.

Cenzic finds vulnerabilities in Gmail and IE

In a statement, Cenzic says:

Researchers at Cenzic discovered that a possible cross-site request forgery, in combination with the improper use of caching directives, could lead to cross-site scripting and leakage of sensitive information. A hacker could exploit this vulnerability to access a target’s confidential information. These vulnerabilities could also be exploited such that all users of a shared computer, who use Internet Explorer and share a user account — a common practice at computer kiosks in a library or Internet café — could be vulnerable.

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.

Talkback

XSS
XSS is perhaps the biggest threat (2nd to doing dumb things).
If you use Gmail be sure to not leave your login session open when otherwise surfing and make the password 'strong' and unique (as in not the same as for all of the site subscriptions you have)....
Posted by: D. T. Schmitz Posted on: 12/19/07