Zaroon Shah: Understanding The Security Vulnerability Pertaining To Blogger Accounts

Monday 17 September 2012

Understanding The Security Vulnerability Pertaining To Blogger Accounts


It was revealed, not too long ago, that Google’s blogger.com had a major security vulnerability. Let’s take a closer look at this important security lapse, which has proven to be fatal to all Blogger accounts. The lapse creates a hole that allows anyone to gain access to any Blogger account. Technically speaking, it is referred to as an ‘HTTP parameter pollution vulnerability.’ And as you might have guessed, the problem stems from how permissions are granted.


Basically, a hacker could easily use this flaw to appoint himself as an author and then become the administrator of that account. What this means for you is that you will lose access to your accounts with no hope of recovery. This information hails from Nir Goldshlager, who has been extremely successful in finding security vulnerabilities. Nir was asked to participate in the Google rewards program and eventually found some genuinely serious threats.
Hard to believe? Well, the proof can be found in the upcoming video demonstration at the end of this post. Blogger.com uses a parameter called memberID, whose value was used to exploit and hack into accounts. Once again, the hacker adds himself as an author on the blog and then accesses the account using the memberID parameter, becoming an administrator.
You can watch Nir's video presentation here.
Note: This was first reported by Nir Goldshlager to the Google team and I am only discussing his findings here. I do not claim this finding and it is owned by the aforementioned person.
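HTTP parameter pollution in general depends on a parameter appearing more than once, with one component reading the first copy and another reading the last. The sketch below is an added example, not code from Blogger or from the researcher: it shows that disagreement on a constructed request and a server-side parser that refuses repeated authorization parameters. Only `memberID` comes from the post; `blogID`, `role`, the function names and the sample values are assumptions.

```python
from urllib.parse import parse_qsl

# Parameters that feed authorization decisions, compared case-insensitively.
# "memberid" is the name used in the post; the other two are assumed.
SENSITIVE = {"memberid", "blogid", "role"}

# Constructed sample only; this is not the request from the report.
SAMPLE = "blogID=111&memberID=1001&role=author&memberID=2002"


class DuplicateParameter(ValueError):
    """Raised when an authorization parameter is supplied more than once."""


def _values(query, name):
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == name]


def first_value(query, name):
    """How one component may resolve a repeated parameter: first copy wins."""
    vals = _values(query, name)
    return vals[0] if vals else None


def last_value(query, name):
    """How another component may resolve it: last copy wins."""
    vals = _values(query, name)
    return vals[-1] if vals else None


def parse_strict(query):
    """Parse a query string or form body, rejecting repeated sensitive names.

    parse_qsl percent-decodes names first, so an encoded copy such as
    member%49D is compared in its decoded form.
    """
    params, seen = {}, set()
    for key, value in parse_qsl(query, keep_blank_values=True):
        folded = key.lower()
        if folded in SENSITIVE and folded in seen:
            raise DuplicateParameter(key)
        seen.add(folded)
        params[key] = value
    return params


if __name__ == "__main__":
    print("check layer sees :", first_value(SAMPLE, "memberID"))
    print("action layer sees:", last_value(SAMPLE, "memberID"))
    try:
        parse_strict(SAMPLE)
    except DuplicateParameter as exc:
        print("rejected, repeated parameter:", exc)
```

Running the permission check and the permission change against the single dictionary returned by `parse_strict` means both steps act on the same value.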
