« Tips On Google's One Ad Per Merchant Per Query Policy | Main | Questions When Hiring An SEM Firm »

January 17, 2005

Security Issue With Google Accounts Cookie Said Fixed

Google says it has now fixed a security problem with its Google Accounts service, which provides a cookie-based way for people to log into various Google services.

Last Thursday, Google Blogoscope pointed to a forum discussion (and also here) that suggested Google's Froogle service in particular might inadvertently let people access Gmail accounts, because account information embedded in the Google cookie could be hijacked.

I emailed Google about this on Friday and received back the following statement:

Google was recently alerted to a potential security vulnerability affecting Froogle. We have since fixed this vulnerability, and all current and future Froogle users are protected.

Spotted via Organized Shopping, eWeek has a nice write-up in Google Plugs Cookie-Theft Data Leak on what happened, with quotes from Nir Goldshlager, a security research who spotted the hole. He also warns that anyone who had their cookie stolen would still be at risk.

Posted by Danny Sullivan at January 17, 2005 9:45 AM

• Stumble It!
• Digg this!
• Add to del.icio.us
• 

Trackback Pings

TrackBack URL for this entry:
http://post.blog.searchenginestrategies.com/cgi-bin/mt/mt-tb.cgi/5570