Saturday, October 06, 2007

Google faces hacker threat

Govt Says Search Engine, Email And Photo-Sharing Software Vulnerable

TIMES NEWS NETWORK

New Delhi: You may need to be careful when you next log in to your Gmail account. Government has sounded an alert that the popular Google system, including its search engine, email and photo-sharing software, has reported “multiple vulnerabilities”.

The prime official agency on computer security has issued an advisory that these Google products, and others like its Blogspot, have loose ends. Indian Computer Emergency Response Team (CERTIN), working under the department of information technology (DIT), has also noted a “persistent email theft issue” affecting the popular Gmail service.

The advisory has been put on CERTIN’s website — www.certin.org.in — amid reports that many government websites and emails of senior Union ministers and officials were being hacked.

CERTIN’s director Gulshan Rai refused to specify factors that led to the advisory but said it was backed by valid reasons. “We work on the principle of complete confidentiality. I cannot tell you any more than the advisory which is in the public domain,” Rai said.

Google India’s R&D head Prasad Ram recently announced that its vision for India was to empower users “by providing organised, easily accessible information and products which encourage the creation and consumption of locally relevant content”. The IT major’s media managers said they were examining the advisory and would respond soon.

An active Indian white hat — a hacker who operates in an “ethical or legal” domain on cyber security tasks — said while hacking was an ongoing activity, he was not aware of the Google system turning vulnerable. As opposed to white hats, black hats indulge in activity that is criminal in nature while there is also a community of grey hats who, as might seem obvious, stride both fields.

CERTIN claimed that cross-site scripting (XSS) vulnerabilities — of “high” severity rating — have been reported in Google. XSS, it said, occurred when a web application gathered malicious data from a user. “The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message,” CERTIN explained.

CERTIN aims to become the “most trusted referral agency of the Indian community” for responding to computer security incidents as and when they occur.

WATCH OUT

Don’t click links on unknown web pages or in unsolicited emails
Disable all scripting languages in web browsers
Check out your filter list in Gmail settings for any unwanted filters
Install patches for browser in a timely manner
Disable Google Search till Google issues a patch to resolve the matter


The Times of India

No comments:

Post a Comment