14 DAY TRIAL // Hackers from team BlitzSec discovered vulnerabilities in the search engines Ask and Google, but also in Ask’s toolbar webpage.
The danger levels for all three security holes are estimated as being high by the grey hats.
More specifically, the cross-site scripting (XSS) flaw found in us.ask.com can be utilized by cybercriminals to perform “cookie catching.” A similar vulnerability located on the toolbar.ask.com domain can be utilized basically in the same way.
Finally, the weakness found on Google.com, the world’s most popular search engine, allows ill-purposed hackers to launch “cookie phishing attacks.”
While security holes found in Google may be rare, in the past period security experts identified a number of issues in its competitor, Ask.com. TeamHav0k found an XSS problem in the maps section of Ask which could allow for XSS Tunneling and other malicious operations.