Websense: Google IE toolbar 404 hijacking
February 15th, 2008 Posted/Linked by Shanmuga
"…Another point of interest is how the toolbar handles connection failures. Google says, “When your server is unreachable, the Google Toolbar will automatically display a link to the cached version of your page.” We have previously written about how Google services are being targeted by the black hats for use as a resource to launch their nefarious campaigns.
Consider what would happen if the toolbar sends the user to a cached version of the page (hosted by Google), that *is* malicious. A web page served up by Google’s own web server does not imply that it won’t contain any malicious code. To the average web visitor, a page linked to by Google that is also hosted by Google itself, would probably be safe.
Would the bad guys exploit this trust transitivity factor? We would say yes. " - Content courtesy of Websense® - Blog: Google IE toolbar 404 hijacking
If you enjoyed this post, make sure you subscribe to my RSS feed!
This entry was posted on Friday, February 15th, 2008 at 11:38 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
