
Cache threat through search engine vulnerability.

Aladdin Knowledge Systems : 06 December, 2007  (Technical Article)
Aladdin has uncovered the use of embedded scripts that target cached pages by changing the script, lulling users into a false sense of security with previously visited pages.
The Aladdin eSafe CSRT is the first to discover a new vulnerability in the page caching feature of major search engines. It appears that most search engines do not verify the safety of code in the Web pages they cache, and that is where the threat lies: cached Web pages are saved with their embedded scripts and HTML code, which can also contain various vulnerability exploits.

If the Web page has changed, there is a chance that an old copy is still in the cache. If the Web pages were deleted, or blocked by a URL filter or ISP blacklists, the cached page is still accessible by clicking the "cached" link in the search results page, because the link to the cached page is different.

Attackers are also capable of crafting multi-stage attacks in which they deliberately create attack links, automatic pop-ups, or "invisible" window frames containing code downloaded straight from the relevant cached page in the search engine. This vulnerability can also circumvent URL filtering solutions, which will not block Google pages, for example.
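The filter gap described in the two paragraphs above, shown from the filtering side as an added example that is not part of the original article or any Aladdin product: a host-only filter allows a cache link to a blocklisted page, while a filter that unwraps the link blocks it. The cache host `cache.search.example`, the `q=cache:<origin URL>` link shape, and the blocklist entry are constructed assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: a blocklisted origin and a hypothetical cache host.
BLOCKLIST = {"hacked-university.example"}
CACHE_HOSTS = {"cache.search.example"}  # assumption, not a real search engine


def host_of(url):
    """Lower-cased host of a URL; tolerates a missing scheme."""
    if "://" not in url.split("?", 1)[0]:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def is_blocked_host(host):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def origin_of_cache_link(url):
    """Return the origin URL carried by a cache link, or None.

    Assumed link shape: https://<cache host>/view?q=cache:<origin URL>
    """
    if host_of(url) not in CACHE_HOSTS:
        return None
    for value in parse_qs(urlsplit(url).query).get("q", []):
        if value.startswith("cache:"):
            return value[len("cache:"):].strip() or None
    return None


def naive_filter(url):
    """Filter that only looks at the host being requested."""
    return "block" if is_blocked_host(host_of(url)) else "allow"


def cache_aware_filter(url):
    """Filter that also checks the origin behind a cache link."""
    origin = origin_of_cache_link(url)
    if origin is not None and is_blocked_host(host_of(origin)):
        return "block"
    return naive_filter(url)
```

Unwrapping only helps for link formats the filter knows how to parse; a cache link that identifies the page by an opaque ID gives the filter nothing to compare against the blocklist.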

The vulnerability was discovered during Aladdin eSafe CSRT research, when Aladdin security specialists analysed the content of a university's hacked Web site. The site was later fixed, but the malicious content was still reachable and active from search engine caches.

Affected sites: Google, MSN Live and Yahoo search.

If you would like the opportunity to discuss this further please do not hesitate to contact us and we can arrange for you to speak with Mr. Ofer Elzam, Director of Product Management, Aladdin Knowledge Systems.