Saturday, October 6, 2007

Hacking cloud over Google products

CERTIN (Indian Computer Emergency Response Team) has put out a warning that Google and its products are vulnerable to hacking.

It says: "Multiple vulnerabilities have been reported in a wide range of Google products such as Google Search Appliance, Google (Blogspot) Polls Application, Google's Picasa photo-sharing software, Google's Urchin Analytics service, including a persistent e-mail theft issue affecting the widely used GMail service." Read report here.

Today The Times of India carries a report based on the CERTIN warning; the report includes quotes from CERTIN's director and Google India's R&D head. CERTIN's director Gulshan Rai refused to specify factors that led to the advisory but said it was backed by valid reasons. Google India's R&D head Prasad Ram recently announced that its vision for India was to empower users "by providing organised, easily accessible information and products which encourage the creation and consumption of locally relevant content". Read TOI report here.

CERTIN has put out a few precautions:

- Users should be selective about how they initially visit a web site.
- Don't click links on untrusted web pages or in unsolicited emails.
- Disable all scripting languages in web browsers.
- Users should especially safeguard their browsers by installing patches for their browser in a timely manner.

Though I use the Internet, especially Google and its products, I'm in no way knowledgeable on these technical matters. It's for more tech-literate readers to tell us what one should make out of this. Since Google and its products are very popular, the implications of the warning are quite wide.


  1. > director Gulshan Rai refused to specify factors

    Hmm there's not much even a technical person can speculate based on something as vague as this :)

    One thing in the TOI article was:

    The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message

    So what this means is that a mail can contain a hyperlink that has the text "click here to unsubscribe" or something but the link actually points to something else. E.g. Click here for free amazing wallpapers

    So when you get mail from an unknown user which looks like spam but may not be but you're not quite sure, keep the mouse over the image or the link, and look at the status bar of your browser to see where it's going to and whether that looks authentic.

    Another common theft approach is phishing, where a web page looks exactly like the real one, but is a dummy page. See more details here

  2. I am wondering what this is about. Phishing & the such is applicable to everybody, why single out Google? In China Google I think had to agree to provide search engine results (some or all I don't know) to the government. Maybe there is some such argument brewing up...
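
The hover check described in the first comment above can be automated for an HTML mail body. This is an added example, not part of the original post or its comments: it compares the domain a link's visible text names with the host the `href` really goes to. The function names, the verdict labels and the sample message are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain-looking token inside the visible link text, e.g. "mail.example.com".
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class _Anchors(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def _bare(name):
    return name.lower().removeprefix("www.")

def audit_links(html):
    """Return one dict per link: visible text, real destination host, verdict."""
    parser = _Anchors()
    parser.feed(html)
    parser.close()
    report = []
    for text, href in parser.links:
        # urlsplit ignores any "user@" part, so the true host is what we compare.
        host = _bare(urlsplit(href).hostname or "")
        claimed = DOMAIN_RE.search(text)
        if claimed is None:
            verdict = "unverifiable"  # text names no site: judge the host yourself
        else:
            name = _bare(claimed.group(1))
            verdict = "ok" if host == name or host.endswith("." + name) else "mismatch"
        report.append({"text": text, "host": host, "verdict": verdict})
    return report

# Constructed sample mail body using reserved example domains and addresses.
SAMPLE = """
<p><a href="http://wallpapers.example.net/free">Click here to unsubscribe</a></p>
<p><a href="http://mail.example.com.login.test/u">http://mail.example.com/unsubscribe</a></p>
<p><a href="https://www.example.com/help">example.com help</a></p>
<p><a href="http://www.example.com@203.0.113.7/">www.example.com</a></p>
"""
```

A "mismatch" means the text advertises one site while the link goes to another; "unverifiable" covers generic text such as "click here", where the reported host is the only thing to go on.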