The Inquirer-Home

Google's Firefox has plug-in security flaw

All your data are belong to Google
Fri Dec 16 2005, 07:34
SEARCH ENGINE outfit Google's new extension for “safe browsing for Firefox” might protect you from spoofing, but is a security risk, according to a security expert.

Nitesh Dhanjani said that Google claims that its Firefox extension protects you from phishing or spoofing. It works by using a blacklist containing pages that have been identified as suspicious and/or misleading based on automated detection or user reports. It also examines pages' content and structure in order to catch potentially misleading pages.

However when Dhanjani had a look at the traffic the extension sent to Google he was surprised to discover how much it was actually sending in clear text which made it a doddle to sniff off the wire.

He said that the extension sends the entire GET request to Google. If a web application were to send private information via GET parameters, this will now be transmitted to Google. The net result is that Google, and anyone who may be watching ends up with a pile of your personal data.

More here. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?