Problems in Custom Search Engines
Custom search engines are offered by the major online search providers to give site maintainers an easy-to-use search engine that site visitors can use to search their site and the Internet at large.
The ongoing Month of Search Engine Bugs has uncovered vulnerabilities that are affecting the custom search engine solutions from both Google and Yahoo! For an otherwise secure site, the presence of these third party extensions could represent a significant security threat that will allow an attacker to capture sensitive user data (from cookies) or perform arbitrary XSS or HTML injection attacks.
Site administrators should weigh up the risks and benefits of using third party code on their sites, irrespective of the source.
16 June 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.