Advisery Warningt Issued Against Google's Gmail and Microsoft's Internet Explorer
- By Grey McKenzie
- Published 12/18/2007
Grey McKenzie
National Cyber Security Founder
Cyber security watchdog & one of the nation's leading cyber security experts, Grey McKenzie is also the Founder of SpyCop Security Software.
His clients include members of the Department of Homeland Security, FBI, CIA, State & Local Law Enforcement.
He is regularly consulted by industry leaders regarding cyber security issues.
To schedule a procedural, technical and non-technical network security audit of your company call 902-467-0200
Security vendor Cenzic has issued an advisory warning against alleged vulnerabilities in Google's Gmail and Microsoft's Internet Explorer.
The vulnerabilities involve potential Cross-site Request Forgery (CSRF) and Cross Site Scripting (define) attacks that could be used to take users' information.
In the case of Gmail, Cenzic alleges that the CSRF exists for addresses that display attachments. With Microsoft's IE, the company said the problem is with how caching occurs which could lead to a XSS attack. Cenzic alleges that the user's cache could be exploited across shared accounts on the same PC.
"Google takes security issues very seriously and will respond swiftly to fix verifiable security issues," Google responded in an e-mail reply to InternetNews.com about the report. "When properly notified of legitimate issues, we do our best to acknowledge every report, assign resources to investigate them, and fix potential problems as quickly as possible."
Full Story