Google Fixes Adwords Security Flaw

REALTIME IT NEWS

Blogs | 7 Day Summary | JustTechJobs

Hardware
- Apple off to a Smooth Start ...
- AMD Planning Netbook Chip ...
- Intel, AMD Seen Headed for ...
Software
- Apple Safari Update Tackles ...
- IDC Says the Cloud Ready for ...
- CA Acquires Cloud Vendor ...
Mobility
- Windows Mobile Still Losing ...
- Will iPhone OS Finally ...
- Bing Coming to Motorola ...
Web Content
- Twitter Takes Geo-Location ...
- Awareness Helps Firms Manage ...
- Microsoft Gives MSN Home ...
Search
- Bing Makes Strides But ...
- Google, Microsoft & Yahoo ...
- Ballmer Happy With Bing's ...
Government
- FCC Broadband Plan to ...
- FCC Mulling Free Broadband ...
- China Claims Google Didn't ...
Developer
- SpringSource Adds VMware to ...
- Digg Dumps MySQL for ...
- NoSQL Supporters Challenge ...
Business
- Microsoft Loses Another ...
- Google Offers Local Product ...
- Billionaire Club Includes ...
Storage
- Symantec Takes on ...
- Google Highlights Disaster ...
- Oracle Drops Hitachi Storage ...
E-Commerce
- Firms Casting a Wide Net for ...
- CyberSource, ThreatMetrix ...
- Apple's iTunes Hits 10 ...
Networking
- Cisco Unveils Blazing Fast ...
- Cisco Driving Security With ...
- Citrix NetScaler Thinks ...

Blogs
Most Popular
Hot Topics
Opinion

Comcast CEO defends NBC deal, unsure on Hulu

Time for Google's Eric Schmidt to go?

Firefox 3.6.2 Coming March 30th - Where is 3.6.1?

First Fedora 13 Linux Alpha Shows Promise

Mozilla Apologies Over Jetpack Mockup Design

Does Oracle Losing Sun's Open Source Chief Matter?

Google Summer of Code 2010 Kicks Off

400,000+ lines added in Linux 2.6.34-rc1 kernel

Microsoft's Linux Patent Scare Trumps SCO

Feds tapping Google, PayPal, Equifax for trusted logins

[ More ]

Subscribe
Learn More
Stats
Contact Staff

Select a newsletter and click Join to sign up!

InternetNews.com Podcast

InternetNews.com
Channel XML/RSS Feeds

Enterprise IT Planet News

Click a Topic to Expand

The Social Web

The New Idiot Box

Feeling the Need for RSS Feeds

Web Services Management

Web services: Evolution or Revolution

Making Money Off The Social Web

The Lure of The Social Network

The Privacy of Social Networking

My Grand Google Obsession

Coding Google's Future

Google Fun in The Summer

Google Pushes Apps

Google's Data Ambitions

Google's IPO

Google's Way With Words

Google, Opponents Square Off in DoubleClick Bid

Microsoft's Past Present And Future

The Vista Ripple Effect

A New Era For Microsoft

Eolas, Microsoft Duke it Out over ActiveX

Microsoft Preps Security Makeover for XP

Microsoft's Security Challenge

Microsoft's Storage Ambitions

Microsoft, AOL Become Partners

Microsoft/Yahoo: Can It Work?

Sun, Microsoft Bandage Old Wounds

The Next Microsoft Era

Truth Time at Microsoft's PDC

XML, Microsoft Threaten Adobe's PDF Format

Will Office 2003 Change Everything?

Mobile Universe

Motorola in Trouble

City-Wide Wi-Fi

Connected in The Windy City

Ultrawideband in the Home

Wi-Fi's Hotspots

CTIA in The Big Easy

Technology, Policy and Politics

3G at Home and Abroad

The Competitive Mobile Landscape

CTIA: A Wireless World in Sin City

Gadget Fest: CTIA Wireless 2008

Wireless Policy in Washington

Cradle to Grave Information Management

Disaster Recovery and Continuity

The Storage Compliance Boom

Compliance, Regulation And Storage

Calling all Clusters, Supercomputers

Betting on BPM

Database Software Continues to Evolve

Tech's Legal Battles

Google in Court

RIM Has Patent Issues

Microsoft In Court

Technology in the Courts

End of the IE Antitrust Case

Microsoft's Legal Struggles

The AMD/Intel Antitrust Showdown

A Patent Battle on eBay Territory

Google, Microsoft and Yahoo's Three-Way Search Battle

Calling Net Neutrality

Microsoft's EU Blues

Vonage on The Patent Hot Seat

Platforms and New Packages

VMware and the Virtualization Craze

Virtualization for All

SOAs in The Enterprise

Application Server Biz on the Rebound

Curtain Drawn on Windows Server 2003

SaaS in The Market

Struggling to Stay Atop the Server Market

Web Standards Bodies Fight for Freedom

Open Source Ecosystem

Microsoft: Loosening the Grip on Source

Showcasing Java

Sun a 'Tiger' at JavaOne

The Future of Java

GPL: Software Freedom Redefined

Linux in the Enterprise

Linux on the Desktop

LinuxWorld 04: A More Mature Tux

LinuxWorld Storms San Francisco

LinuxWorld Takes Boston

LinuxWorld by the Bay

Oracle's Linux Realm

SCO Declares War on Linux

The Growth of Linux-Based Storage

The Linux Kernel

Novell, Microsoft in Open Dance

Open Source Open for Business

Open-source Databases Gathering Steam

Oracle Plants Flag at OpenWorld 2006

Evolution of Search

Competing for the Search Lead

Enterprise Search Ready for Prime Time

Mobile Search Takes Flight

Racing To Dominate Desktop Search

Search And Censorship

Search Engine Optimization

Search Meets Mapping

Thinner Slices of The Paid Search Pie


Partner With Us

Google Fixes Adwords Security Flaw

The flaw could subject users to page hijacking, defacement or worse.

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

December 15, 2006
By Sean Michael Kerner: More stories by this author:

Google AdWords advertisers can rest easy this weekend, secure in the knowledge that Google has acted quickly to fix a potential cross-site scripting security vulnerability.

Adwords is Google's principal source of revenue, allowing advertisers to buy pay-per-click or impression-based advertising on Google and content sites affiliated with Google.

The vulnerability was an HTTP Response Splitting flaw in the Adwords interface that could have triggered cross-site scripting (XSS), defacement, hijacked pages or other attacks against Google Adwords advertisers.

According to the description of the flaw posted by security researcher Debasis Mohanty, the HTTP Response Splitting flaw becomes possible when the user input is injected into the value section of the HTTP header without properly escaping/removing CRLF (carriage return line feed) characters, which can lead to two HTTP responses instead of one response.

Dropping Google Bombs Against Hate
Google Catches Phishing Flaw in Appliances
Google Opens Up AJAX
Google's Search For Patents
Google to Sell Domain Names

Instead of publishing the flaw as a zero day exploit, Mohanty first submitted the flaw, with a proof of concept, to Google on November 20.

Google confirmed that the flaw was valid the following day but Mohanty just disclosed the flaw, which Google fixed, this week.

"Google was alerted to this issue and we worked quickly to fix the problem, which was resolved prior to the initial publication," Google spokesperson Barry Schnitt said in a statement.

"We have no reports of exploits and applaud the reporter for following responsible vulnerability disclosure practices."

LATEST NEWS

Google Warned Against Challenging China's Laws

Apple's COO Tim Cook Gets $22M Pat on the Back

Twitter Takes Geo-Location Feature Live

McAfee's Got the Skinny on Scareware

Microsoft Loses Another Round in i4i Case

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

xSP Archives | 7 Day InternetNews Summary | Contact Sean Michael Kerner | Back to top

Add internetnews.com
to your browser search box.

IE 7 |

Firefox 2.0 |

Firefox 1.5.x

Receive news
via our XML/RSS:
feed

More InternetNews.com

Hardware	Software	Mobility	Web Content
Microsoft Veteran Thacker Scores Turing Award Apple's Flash Feast Could Crimp SSD Sales Datacenter Growth Seen for 2010	Is Windows 7 Service Pack Coming in Q4? Microsoft-Sponsored CodePlex Moves Ahead Microsoft Office 2010 Has Add-in Catch	Verizon to Have 4G Handsets in Mid-2011 Apple Seen Gearing Up for More Patent Fights Microsoft: Windows Phone 7 More Than an OS	Twitter Surpasses 70,000 Apps Viacom Yanking 'Daily Show,' 'Colbert' From Hulu Google, Microsoft & Yahoo Tout Real-Time Results
Search	Government	Developer	Business
Google Snaps Up Picnik Google Faces EU Investigation Yahoo, Microsoft Finally Begin Search Integration	Reform Comes Slowly at the FCC GOP Lawmakers Blast Broadband Stimulus Efforts Durbin to Introduce Internet Freedom Bill	NoSQL Supporters Challenge Relational Databases Google Unveils Apps Marketplace Top Spot at W3C Goes to Former Novell Exec	IDC Says the Cloud Ready for Prime Time Intel, AMD Seen Headed for Lift in Q1 Earnings Tech Stocks Rally Ten Years After Topping Out
Storage	E-Commerce	Networking	Security
Major Tech Firms Back Online Health Care IBM Offers Mainframe Data Deduplication Double-Take Offers Disaster Recovery to EC2	Apple's iTunes Hits 10 Billion Download Mark Google Upgrades DoubleClick Ad Server Mobile e-Commerce Market Accelerating	Domain Name Registrations Kept Growing in 2009 Nortel Gets $282 Million for Carrier VoIP Biz Juniper Diving Deeper Into Networking Research	Researcher Releases Exploit for IE Zero-Day Hole HSBC Breach Exposes 24,000 Clients' Data IBM Tops In Customer Privacy: Poll

New Openings

Risk Developer - C# - T-SQL - ASP.Net (IL) SALES EXECUTIVE - Technology Sales - New Business (NoCA) Data Warehouse Architect (IL)

Senior Developer – C# - C++ - Python - .Net - SQL Server (IL) Systems Engineer Sr – Automation – Opsware SAS / HP SA Database Architecture Manager (NYC)

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Intel Whitepaper: 2010 Intel Core vPro Processors Overview
Article: Adobe Helps PHP Developers Create Rich Internet Applications
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs
Microsoft Whitepaper: Improve Communications and Collaboration

Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Micro Focus Webcast: Boosting the Impact and Effectiveness of Software Development QA and Testing
Microsoft Webcast: Simplified Access and Single Sign-On

Intel Video: 2010 Intel Core Processor Technologies
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Adobe Download: Tour de Flex Application and Explore Flex
Get Started: Create Applications Without Infrastructure Limits with the Windows Azure Platform
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us

Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Free Adobe Online Flex Training: Check Out this Video Training Course Here
Develop Cloud Applications - Get Started Now with the Windows Azure Platform
Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

Join the Intel AtomDeveloper Program: Develop and sell netbook applications!
Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

RELATED ARTICLES