Google Closes Blogger Security Holes

Friday, 7 March 2003, 1:23 PM EST

Internet search giant Google confirmed this week that it closed several security holes that could have allowed hackers to substitute their own musings for any of the over one-million electronic diaries maintained through the popular "Blogger" online publishing tool.

The vulnerabilities were typical of Web application security weaknesses that have plagued e-commerce sites for years, according to hacker Adrian Lamo, who discovered the holes and passed the details to San Francisco-based Pyra Labs in January. Pyra, creator of Blogger and the related hosting site BlogSpot, was acquired by Google last month.

Lamo demonstrated the most serious vulnerability to SecurityFocus by replacing a reporter's skeletal BlogSpot weblog with one of his own. Before that, the hacker says he tested the technique on two other existing weblogs that had been abandoned, but that he resisted the temptation to replace any of the high profile journals hosted on the site -- one is operated by humorist Dave Barry, another by CNET Radio -- out of respect for the company. "I was tempted to do both of them," says Lamo. "Had Pyra been a less wholesome operation, I might have shown less restraint."

[ Read more ]




Spotlight

More than a third of employees would sell company data

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jul 31st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //