I recently switched to Android and was wondering what applications should I get started with, which led me to dozens of posts on the web cl...
After countless days of searching for a way to jailbreak my iPod Touch 2G MC Model on firmware 4.2.1 I finally figured it out with inputs ...
As of now, the Facebook application for Android does not support push notifications, but a forum member at Android Central forums has mana...
Earlier this year, we heard the news of Facebook beating Google’s Orkut in India. But Orkut still remains the most-widely used social netwo...
Wouldn't it be great if you could call a Google Voice number via SIP itself? That is exactly what I discovered today morning, while I w...
- February 2012 (1)
- January 2012 (2)
- December 2011 (6)
- November 2011 (13)
- October 2011 (10)
- September 2011 (12)
- August 2011 (15)
- July 2011 (12)
- June 2011 (11)
- May 2011 (9)
- April 2011 (12)
- March 2011 (14)
- February 2011 (9)
- December 2010 (1)
- November 2010 (10)
- October 2010 (20)
- September 2010 (15)
- August 2010 (2)
A blog post and video surfaced today showing how an attacker could quickly and easily gain administrative privileges to your Blogger account. The video does show off some complex techniques, but could easily be duplicated.
The hacker who posted it goes by the name of Nir Goldshlager, an Avnet information security specialist, posted his vulnerability for the world to see. Goldshlager did mention that this was for the Google Vulnerability Reward Program, where someone who successfully finds and exploits vulnerabilities in Google software will win $1337.
The seven minute video, Goldshlager posted shows how he successfully gained access to a blogger account by adding himself as an author (without the administrator’s approval), then sends himself a confirmation email, after which the attacker would become an author on the website. Following these steps, the attacker successfully modifies their permissions to become an administrator, allowing full access to add, edit, and delete all the content of the victims blog.
The blog doesn't mention if this vulnerability has been patched by Google or if Google is still unaware of the problem.