Notebook: Google Toolbar flaw; Gmail issues; Microsoft assessment tool

Summary:A roundup of a few security odds and ends over the last two days.Unpatched Google Toolbar flaw presents an ID theft risk.

A roundup of a few security odds and ends over the last two days.

Unpatched Google Toolbar flaw presents an ID theft risk.

Ryan Naraine at eWeek writes:

A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.

Microsoft ships security assessment tool

Matt Hines at InfoWorld reports that Microsoft has delivered a new version of its Microsoft Security Assessment Tool.

Hines notes:

The latest iteration of MSAT promises expanded tests for assessing security threats, updated best practices, and an all new Infrastructure Optimization Security Assessment feature.

The free tool is now available for download.

Cenzic finds vulnerabilities in Gmail and IE

In a statement, Cenzic says:

Researchers at Cenzic discovered that a possible cross-site request forgery, in combination with the improper use of caching directives, could lead to cross-site scripting and leakage of sensitive information. A hacker could exploit this vulnerability to access a target's confidential information. These vulnerabilities could also be exploited such that all users of a shared computer, who use Internet Explorer and share a user account -- a common practice at computer kiosks in a library or Internet café -- could be vulnerable.

Topics: Laptops, Collaboration, CXO, Google, Microsoft, Mobility, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.