Intranet Journal   Earthweb  

Google on Security Alert


Sean Michael Kerner

1/4/2007


Though the New Year's holiday was a long vacation for many, it was a long work weekend for those in Google's security operations.

A flaw was reported and fixed over the weekend, and there are allegations in the wild that a new crop of security issues may still exist.

Heather Adkins, information security manager at Google, said in a statement e-mailed to internetnews.com that over the holiday weekend Google was notified of a vulnerability that spanned multiple Google products.

"We were first notified that this issue affected Google Video and fixed it within a few hours of receiving the report," Adkins stated. "We were then notified that the same issue affected other Google products. The problem with the other products was resolved within 24 hours of the second report. To our knowledge, no one exploited the vulnerability and no users were impacted."

The vulnerability, if exploited, could have allowed Google users' Gmail contact lists and other information to be exposed to malicious attackers. Adkins noted that the vulnerability related to how Google uses certain JSON (JavaScript Object Notation) objects within some of its product code.

"The fix we employed made sure the objects could not be abused," Adkins said. Google engineer Matt Cutts wrote in a blog that Google fixed the JSON vulnerabilities with a number of different approaches.

"On some of them, we immediately fixed the code to properly stop JavaScript," Cutts wrote. "On others, the urls were blocked until the next push of that service will happen."

Cutts noted that since the issues were server side, as Google's applications are Web-based, the fixes were deployed much faster than they would have been had the vulnerabilities appeared client-side.

"Even this situation (where several Google properties needed to be changed) yielded a much faster fix than patching so many client-side applications, and much of this was happening on New Year's Eve and New Year's Day when most normal people are sleeping off the night before," Cutts wrote.

Google has a solid track record of fixing vulnerabilities rapidly, especially of late. In mid-December Google moved quickly ahead of a weekend to fix an alleged flaw in its money-making AdWords solution.

In that case the security researcher alerted Google before the vulnerability was publicly disclosed, a move that Google applauded.

Responsible disclosure is something that Google's Adkins is certainly very keen on. "We strongly encourage anyone who is interested in researching and reporting security issues to follow responsible disclosure practices, including giving vendors ample time to respond to reports," Adkins commented.
