Google Security: Acquires Anti-Malware, Stumbles on Vulnerability

Google continues to move further into the security market with the acquisition of GreenBorder Technologies, maker of browser-based security tools. GreenBorder’s products provide a sandbox for executing code from untrusted sources. From InfoWorld:

By running unknown code in such a "time-out" setting, where the content remains isolated from a local host and any trusted network it is connected to, GreenBorder claims to prevent malware programs from delivering their nefarious payloads.

Any content arriving on a user's desktop from an untrusted source is visually hosted in a controlled virtual environment highlighted by a green border surrounding programs like Outlook and IE.

Both McAfee (sponsor of this site) and Symantec have this type of technology as well. For Google, this acquisition could help improve the security of its offerings, which have suffered some vulnerabilities (but no showstoppers), such as the problems with Google Apps, AdWords, and most recently, Google Desktop.

Chris Soghoian of Indiana University found vulnerabilities in Firefox add-ons that can be exploited when plug-ins are updated over poorly secured networks. The vulnerability described by Soghoian affects several popular plug-ins including Google Toolbar and Google Browser Sync. The Security Fix reports:

The problem is especially dangerous with Google's toolbar. Firefox usually will alert users that new versions of installed add-ons are available and give users the option to decline or accept the updates. But Soghoian said Google's toolbar (which is bundled with Firefox) updates without any such prompts.

Unfortunately, while one part of Google is making progress on the security front, whoever deals with security researchers is undermining the company’s image (again from the Security Fix):

Google said it planned to have the vulnerability corrected by today's date, but over the weekend the company asked Soghoian to delay publishing his findings for a few days more while the company worked on a solution. Soghoian declined that request, saying he didn't think it was appropriate for Google to ask for a delay after ignoring his e-mails for 30 days.

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net