While we may have loved Google’s digital pranks on April Fool’s Day, not everyone is still smiling about them. One such joke, which displayed all the content backwards, is said to have broken Google’s security. As part of the prank, the search giant displayed the words, results, images and just about everything else backwards.
According to researchers at Netcraft, the prank compromised the site’s own security by omitting a crucial header, which left it vulnerable to user interface redressing attacks such as click-jacking.
Basically, click-jacking tricks users into performing actions like changing their user preferences. The glitch in the prank would have allowed malicious minds to take advantage of this omission to change user settings and even turn off SafeSearch filters.
“The issue stemmed from the way com.google used an iframe to display backwards content from google.com. This would not normally be possible, as google.com uses the X-Frame-Options HTTP response header to prevent other websites from displaying itself within an iframe. But for the purpose of the April Fool’s joke, Google stepped around this problem by passing the parameter “igu=2” to google.com, which not only told it to display the content backwards, but also instructed the server to omit the X-Frame-Options header entirely,” Netcraft explained.
Netcraft has reported this issue to Google and you’ll be glad to know that it has been resolved.
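
A regression check for the failure Netcraft describes, where a query parameter makes the server drop its anti-framing header. This is an added example, not code from Google or Netcraft: the host search.example, the parameters other than igu=2, and all sample responses are constructed, and the check also accepts the CSP frame-ancestors directive, which the article does not mention.

```javascript
// Added example: audit response headers for anti-framing protection.
// Header names are real; URLs and sample responses below are constructed.

// Returns true if the headers stop other origins from framing the page.
function blocksCrossOriginFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // X-Frame-Options: only DENY and SAMEORIGIN are honoured by current browsers.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return true;

  // CSP frame-ancestors limited to 'none' or 'self' gives the same guarantee.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    return sources.every(s => s === "'none'" || s === "'self'");
  }
  return false;
}

// Given a baseline response and variants of the same page requested with
// extra query parameters, list the variants that silently lose protection.
function findFramingRegressions(baseline, variants) {
  const protectedByDefault = blocksCrossOriginFraming(baseline.headers);
  return variants
    .filter(v => protectedByDefault && !blocksCrossOriginFraming(v.headers))
    .map(v => v.url);
}

// Constructed responses: igu=2 comes from the article, the rest is hypothetical.
const SAMPLE_BASELINE = {
  url: 'https://search.example/',
  headers: { 'X-Frame-Options': 'SAMEORIGIN' },
};
const SAMPLE_VARIANTS = [
  { url: 'https://search.example/?igu=2',
    headers: { 'Content-Type': 'text/html' } },
  { url: 'https://search.example/?hl=en',
    headers: { 'x-frame-options': 'sameorigin' } },
  { url: 'https://search.example/?view=embed',
    headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" } },
];

console.log(findFramingRegressions(SAMPLE_BASELINE, SAMPLE_VARIANTS));
```
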
Posted by : Gizmeon