Google fixes security flaws in Google Mini
Another major instance of a security bug in a Google Application. Just recently, Google had to fix some major security flaws in their recently launched Google Base web service. Now, the latest news in claims that they had to fix some serious security flaws in their Google Mini search appliance. The search engine giant targets this appliance at medium level organizations for their local intranet and corporate searching.
The flaws in this appliance could have allowed attackers to execute malicious code, carry out cross-site scripting or a port scan, or discover files on the target system, according to security researchers. Google Mini is a scaled down version of the Google Search Appliance, which is targeted at larger sized organizations.
The bug in Google Mini was publicly revealed on Monday by HD Moore of the Metasploit Project. The reports say that the company was informed about this flaw in June and they had applied these fixes in August itself. Metasploit said in a statement: “The Google Search Appliance search interface uses the ‘proxystylesheet’ form variable to determine what style sheet to apply to the search results. This variable can be a local file name or a HTTP URL.â€
Moore also added that Google had been responsive and had worked quickly to fix the problems. The company asked Metasploit’s researchers to sign a restrictive NDA as a condition of supplying a Google Mini unit for verifying the fixes.