Security Issue With Google Accounts Cookie Said Fixed
Google says it has now fixed a security problem with its Google Accounts service, which provides a cookie-based way for people to log into various Google services.
Last Thursday, Google Blogoscope pointed to a
forum discussion (and also here) that suggested Google’s
Froogle service in particular might inadvertently let people access Gmail accounts, because account information embedded in the Google cookie could be hijacked.
I emailed Google about this on Friday and received back the following statement:
Google was recently alerted to a potential security vulnerability affecting Froogle. We have since fixed this vulnerability, and all current and future Froogle users are
protected.
Spotted via Organized Shopping, eWeek has a nice write-up in Google Plugs
Cookie-Theft Data Leak on what happened, with quotes from Nir Goldshlager, a security research who spotted the hole. He also warns that anyone who had their cookie stolen
would still be at risk.
More about:
The Merkle B2B 2023 Superpowers Index outlines what drives competitive advantage within the business culture and subcultures that are critical to success. It is the indispensable guide for B2B marketers to deliver world-class experiences and keep pace with the dynamic environment. Download Now
The ClicData survey found that various challenges exist that prevent organizations from achieving such gains. These challenges included inaccessible data formats and limited flexibility in displaying data in dashboards. Download Now
The need for fraud prevention in the digital world is critical now more than ever. Why? Thinking about your own behavior, consider how you complete transactions and how this has changed over the last 5 years. Download Now
The need for fraud prevention in the digital world is critical now more than ever. Why? Thinking about your own behavior, consider how you complete transactions and how this has changed over the last 5 years. Download Now