Google's April Fool's prank broke site's own security
Google's prank that displayed the entire homepage content backwards compromised the site's own security by omitting a crucial header that is used to prevent click-jacking attacks.

New Delhi: While Google was playing pranks on its users on April Fool's Day with its practical, digital jokes, one of those pranks put the site's own security at risk.

When users visited Google's homepage on April 1, they were greeted with the entire content displayed backwards. However, researchers at Netcraft found that the prank compromised the site's own security by omitting a crucial header that is used to prevent click-jacking attacks.

A report on Ars Technica notes that click-jacking exploits trick users into performing undesired actions, such as changing their user preferences. Attackers could have used this omission to change user settings, including turning off SafeSearch filters.

Omitting the X-Frame-Options header allows HTML iframe tags to display Google's homepage on third-party Web pages, which lets attackers stitch the Google page into their own site and embed hidden code that changes the function of certain links.

The researchers reported this loophole in Google's usage of the scripts, and the search giant has decided to no longer use the risky method to display the settings page within an iframe on an external domain.
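
The missing header described above can be checked for mechanically. The following is an added example, not code from Netcraft, Ars Technica or Google: it classifies a response's anti-framing posture from its headers, and goes beyond the article by also reading the Content-Security-Policy `frame-ancestors` directive, which current browsers honour in preference to X-Frame-Options. The function names and the header sets used to exercise it are constructed for illustration.

```python
# Added example: classify a response's anti-framing posture from its headers.
# Names are illustrative; feed it (name, value) pairs from any HTTP client.
VALID_XFO = {"DENY", "SAMEORIGIN"}


def _frame_ancestors(csp_value):
    """Yield the source list of the first frame-ancestors directive per policy."""
    for policy in csp_value.split(","):        # a comma separates whole policies
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                yield [p.lower() for p in parts[1:]]
                break                          # later duplicates are ignored


def _is_open(sources):
    """True when a source list admits any origin ('*' or a bare scheme)."""
    return any(s == "*" or s.endswith(":") for s in sources)


def framing_status(headers):
    """Return 'protected', 'framable' or 'review' for (name, value) pairs."""
    xfo, ancestor_lists = set(), []
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "x-frame-options":
            # Repeated or comma-joined headers contribute several tokens.
            xfo |= {t.strip().upper() for t in value.split(",") if t.strip()}
        elif lname == "content-security-policy":   # Report-Only is not enforced
            ancestor_lists += list(_frame_ancestors(value))
    if ancestor_lists:
        # frame-ancestors supersedes X-Frame-Options, and every policy is
        # enforced, so a single restrictive list is enough.
        if all(_is_open(s) for s in ancestor_lists):
            return "framable"
        return "protected"
    if not xfo:
        return "framable"      # the situation the article describes
    if len(xfo) == 1 and xfo <= VALID_XFO:
        return "protected"
    return "review"            # conflicting, obsolete (ALLOW-FROM) or misspelled
```

Run against a crawl of your own pages, a `framable` result on any page that changes user state is the condition Netcraft flagged; `review` marks headers whose handling differs between browsers.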
