Every year, search giant Google comes up with something special for April Fools’ Day, and this year was no exception: the company’s website came out reversed. What was different this year, however, was that the prank inadvertently broke the website’s security.
“The prank compromised the site’s own security by omitting a crucial header that makes it vulnerable to user interface redressing attack, such as click-jacking,” said UK research firm Netcraft, which was the first to discover the vulnerability.
For those who aren’t in the know, click-jacking is a technique wherein an attacker tricks a Web user into clicking on something different from what they perceive they are clicking on, thus potentially revealing confidential information or taking control of their computer. “This vulnerability would have allowed a remote attacker to change a user’s search settings, including turning off SafeSearch filters,” the research firm said.
Netcraft reported the vulnerability to Google, which quickly patched it.
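The following is an added example, not code from the article, Netcraft or Google: a check a site owner could run in deployment tests so that a page variant like the reversed one does not ship without framing protection. The quoted report does not name the omitted header; the code assumes the standard anti-framing headers (X-Frame-Options and the CSP frame-ancestors directive), and the function names and sample header sets are hypothetical.

```python
# Added example: classify a response's anti-framing protection from its headers.
# SAMPLES are constructed header sets, not captured from any real site.

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_policy(headers):
    """Return 'deny', 'same-origin', 'allow-list' or 'unprotected'."""
    h = {k.lower(): v for k, v in headers.items()}
    # An enforced frame-ancestors directive takes precedence over X-Frame-Options.
    # Content-Security-Policy-Report-Only is not consulted: it blocks nothing.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        if not sources or sources == ["'none'"]:
            return "deny"  # an empty source list matches no origin
        if sources == ["'self'"]:
            return "same-origin"
        return "unprotected" if "*" in sources else "allow-list"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM and unrecognised values are ignored by current browsers.
    return "unprotected"

SAMPLES = {
    "normal page": {"X-Frame-Options": "SAMEORIGIN"},
    "variant missing the header": {"Content-Type": "text/html"},
    "report-only CSP": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "CSP and XFO": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                    "X-Frame-Options": "SAMEORIGIN"},
}

def unprotected_pages(samples):
    """Names of the pages whose responses allow framing by any origin."""
    return [name for name, hdrs in samples.items()
            if framing_policy(hdrs) == "unprotected"]

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {framing_policy(hdrs)}")
```

Running the check against every page variant, not only the default one, is the point: the protection is set per response, so a variant served by a different template or handler can lose it.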