A roundup of a few security odds and ends from the last two days.
Unpatched Google Toolbar flaw presents an ID theft risk
A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.
Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.
Microsoft ships security assessment tool
Matt Hines at InfoWorld reports that Microsoft has delivered a new version of its Microsoft Security Assessment Tool.
The latest iteration of MSAT promises expanded tests for assessing security threats, updated best practices, and an all-new Infrastructure Optimization Security Assessment feature.
Cenzic finds vulnerabilities in Gmail and IE
In a statement, Cenzic says:
Researchers at Cenzic discovered that a possible cross-site request forgery, in combination with the improper use of caching directives, could lead to cross-site scripting and leakage of sensitive information. A hacker could exploit this vulnerability to access a target's confidential information. These vulnerabilities could also be exploited such that all users of a shared computer, who use Internet Explorer and share a user account -- a common practice at computer kiosks in a library or Internet café -- could be vulnerable.