Google Closes Blogger Security Holes

Friday, 7 March 2003, 1:23 PM EST

Internet search giant Google confirmed this week that it closed several security holes that could have allowed hackers to substitute their own musings for any of the over one-million electronic diaries maintained through the popular "Blogger" online publishing tool.

The vulnerabilities were typical of Web application security weaknesses that have plagued e-commerce sites for years, according to hacker Adrian Lamo, who discovered the holes and passed the details to San Francisco-based Pyra Labs in January. Pyra, creator of Blogger and the related hosting site BlogSpot, was acquired by Google last month.

Lamo demonstrated the most serious vulnerability to SecurityFocus by replacing a reporter's skeletal BlogSpot weblog with one of his own. Before that, the hacker says he tested the technique on two other existing weblogs that had been abandoned, but that he resisted the temptation to replace any of the high profile journals hosted on the site -- one is operated by humorist Dave Barry, another by CNET Radio -- out of respect for the company. "I was tempted to do both of them," says Lamo. "Had Pyra been a less wholesome operation, I might have shown less restraint."

[ Read more ]




Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //