Notebook: Google Toolbar flaw; Gmail issues; Microsoft assessment tool

Notebook: Google Toolbar flaw; Gmail issues; Microsoft assessment tool

Summary: A roundup of a few security odds and ends over the last two days.Unpatched Google Toolbar flaw presents an ID theft risk.

SHARE:

A roundup of a few security odds and ends over the last two days.

Unpatched Google Toolbar flaw presents an ID theft risk.

Ryan Naraine at eWeek writes:

A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.

Microsoft ships security assessment tool

Matt Hines at InfoWorld reports that Microsoft has delivered a new version of its Microsoft Security Assessment Tool.

Hines notes:

The latest iteration of MSAT promises expanded tests for assessing security threats, updated best practices, and an all new Infrastructure Optimization Security Assessment feature.

The free tool is now available for download.

Cenzic finds vulnerabilities in Gmail and IE

In a statement, Cenzic says:

Researchers at Cenzic discovered that a possible cross-site request forgery, in combination with the improper use of caching directives, could lead to cross-site scripting and leakage of sensitive information. A hacker could exploit this vulnerability to access a target's confidential information. These vulnerabilities could also be exploited such that all users of a shared computer, who use Internet Explorer and share a user account -- a common practice at computer kiosks in a library or Internet café -- could be vulnerable.

Topics: Laptops, CXO, Collaboration, Google, Microsoft, Mobility, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Safe Surfing Best Practices

    Keep your browser 'lean and mean'.

    o Don't add extraneous tool bars and plugins
    o Do add Firefox plugins NoScript and AdBlock
    o If at all possible run your browser in a VM snapshot or sandbox
    o Use a decent Email Client (Thunderbird,Kmail,Evolution) with IMAP to read/write your Gmail
    o Lastly, but not leastly, don't do 'stupid things'

    Be Safe
    D T Schmitz
  • Another way with Gmail

    Run it securely from the login - address it as https://www.gmail.com . The same to assure your password etc. is protected when using Google Reader, etc.. I made buttons on the Firefox header to make it easy not to forget.

    This should avoid nasty availability of things in cache, shouldn't it? And then clear the cache anyway, afterwards, if you are on a public machine - 'it's the only way to be sure'.

    Thank you, Ripley.
    Narr vi
    • XSS

      XSS is perhaps the biggest threat (2nd to doing dumb things).
      If you use Gmail be sure to not leave your login session open when otherwise surfing and make the password 'strong' and unique (as in not the same as for all of the site subscriptions you have).
      D T Schmitz