SEO News
Search

Security Issue With Google Accounts Cookie Said Fixed

author-default
by , Comments

Google says it has now fixed a security problem with its Google Accounts service, which provides a cookie-based way for people to log into various Google services.

Last Thursday, Google Blogoscope pointed to a forum discussion (and also here) that suggested Google's Froogle service in particular might inadvertently let people access Gmail accounts, because account information embedded in the Google cookie could be hijacked.

I emailed Google about this on Friday and received back the following statement:

Google was recently alerted to a potential security vulnerability affecting Froogle. We have since fixed this vulnerability, and all current and future Froogle users are protected.

Spotted via Organized Shopping, eWeek has a nice write-up in Google Plugs Cookie-Theft Data Leak on what happened, with quotes from Nir Goldshlager, a security research who spotted the hole. He also warns that anyone who had their cookie stolen would still be at risk.


ClickZ Live San Francisco This Year's Premier Digital Marketing Event is #CZLSF
ClickZ Live San Francisco (Aug 11-14) will bring together the industry's leading online marketing practitioners to deliver 4 days of educational sessions and training workshops. From Data-Driven Marketing to Social, Mobile, Display, Search and Email, the comprehensive agenda will help you maximize your marketing efforts and ROI. Register today!

Recommend this story

comments powered by Disqus