Google Closes Blogger Security Holes

Friday, 7 March 2003, 1:23 PM EST

Internet search giant Google confirmed this week that it closed several security holes that could have allowed hackers to substitute their own musings for any of the over one-million electronic diaries maintained through the popular "Blogger" online publishing tool.

The vulnerabilities were typical of Web application security weaknesses that have plagued e-commerce sites for years, according to hacker Adrian Lamo, who discovered the holes and passed the details to San Francisco-based Pyra Labs in January. Pyra, creator of Blogger and the related hosting site BlogSpot, was acquired by Google last month.

Lamo demonstrated the most serious vulnerability to SecurityFocus by replacing a reporter's skeletal BlogSpot weblog with one of his own. Before that, the hacker says he tested the technique on two other existing weblogs that had been abandoned, but that he resisted the temptation to replace any of the high profile journals hosted on the site -- one is operated by humorist Dave Barry, another by CNET Radio -- out of respect for the company. "I was tempted to do both of them," says Lamo. "Had Pyra been a less wholesome operation, I might have shown less restraint."

[ Read more ]




Spotlight

Cloned, booby-trapped Dark Web sites steal bitcoins, login credentials

Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jul 3rd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //