Google Quietly Patches Huge Vulnerability

A security researcher known by the online handle of “Inferno” discovered a cross-site scripting (XSS) vulnerability in mid-April affecting a range of Google services like Gmail, Google Documents, iGoogle, and Analytics.

The flaw involved Google’s Support Python Script enabling hackers to steal session cookies. Because Google.com uses a single sign-on cookie for all its personalized services, a hacker could have gained access to users’ emails, contacts, documents, website code and analytics—anything Google users might have stored on Google servers.

While that’s a terrifying scenario for many, Inferno took the moral path and quietly reported the vulnerability to Google instead of selling that information on the black market. To Google’s credit, Google was on the job less than an hour after receiving the report, even late on a Saturday night, and had all Google servers updated by last week, just two weeks later.

(Everything’s relative; the sheer number of servers and programs affected made this a heckuva job. Two weeks can be considered quick, especially since Adobe is still recommending workarounds until they can patch up Reader and Acrobat.)

Around the same time, Google had to act fast to patch up two XSS vulnerabilities in its Chrome browser.

Symantec’s MessageLabs reports that websites people trust are increasingly attractive targets for hackers. Once upon a time on the Web, bad neighborhoods of temporary adult websites were considered a hotbed of viral activity. While many sites are still set up for the sole purpose of distributing malware, according to data from last week collected by MessageLabs, only 15.4 percent of domains blocked by security programs for hosting malicious content were less than a year old.

The rest—86.4 percent—were older than that. “It is highly likely that older sites are legitimate sites, while those that are only a week old or less are likely to be temporary sites set up with the sole purpose of distributing malware,” said MessageLabs senior analyst Paul Wood.

And yet, only 3 percent of those blocked for hosting malicious content were under a week old; just 10 percent were under a month old. It’s also unlikely a site set up to distribute malware will reach its first birthday without being discovered. With that in mind, it certainly seems that cybercriminals have shifted their focus toward compromising websites trusted by many, many people.

Security will also be an intense focus as the shift toward cloud computing continues. With all that data in the cloud (i.e., not on an individual’s hard drive), cloud services offered by companies like Google will become increasingly attractive targets.

Google did not return a request for comment.
 

 
