Cache threat through search engine vulnerability.

Aladdin Knowledge Systems : 06 December, 2007 (Technical Article)

Aladdin has uncovered the use of embedded scripts which target cached pages by changing the script and lulling users into false sense of security with previously visited pages.

The Aladdin eSafe CSRT is the first to discover a new vulnerability in the page caching feature of major search engines. It appears that most search engines do not verify the safety of code in Web pages that are cached - and the threat is within this fact -- that these cached Web pages are saved with embedded scripts and HTML code that can also contain various vulnerability exploits. If the Web page has changed there is a chance there is still an old copy in the cache. If the Web pages were deleted or blocked by a URL filter or ISP blacklists, the cached page is still accessible when clicking on the "cached" link in the search results page because the link to the cached page is different. Attackers are also capable of crafting multi-stage attacks where they deliberately create attack links, automatic pop-ups, or "invisible" windows frames containing code downloaded straight from the relevant cached page in the search engine. This vulnerability can also circumvent URL filtering solutions which will not block Google pages, for example. The vulnerability was discovered during Aladdin eSafe CSRT research when Aladdin security specialists analysed the content of a hacked Web site of a university which was later fixed - but the malicious content was still reachable and active from search engine caches. Affected sites: Google, MSN Live and Yahoo search. If you would like the opportunity to discuss this further please do not hesitate to contact us and we can arrange for you to speak with Mr. Ofer Elzam, Director of Product Management, Aladdin Knowledge Systems.

Read More News from Aladdin Knowledge Systems

Read More News for IT Security

Read More News for Internet Security and Content Filtering