Latest News

NEXTDC to build AI campus and GPU "supercluster" in Sydney

WA makes its chief data officer permanent

Samsung tried to fix triple zero problem with mobiles nearly five years ago

Cochlear plugs AI into its global contact centre operations

Seqwater seeking asset planning tool to overcome "functional limitations"

Researchers bypass Google redirect notice

By SC Australia Staff

Aug 29 2011 1:27PM

Burmese hacker group post proof of concept.

The Burmese YGN hacker group has detailed a URL redirect vulnerability that bypasses Google’s checks to point users to malicious websites.

Researchers bypass Google redirect notice

The flaw exists in the way that Google checks redirected URLs against a blacklist of known malicious web sites.

The attacker would send a victim a proxy server link which redirected to a malicious URL and, when clicked, would verify if the landing website was blacklisted by Google.

If it was, the server would generate a second malicious URL to infect users.

Researchers posted a proof of concept of the vulnerability on the YGN site.

Google redirect notice:

http://www.google.com/url?sa=t&url=http%3A%2F%2Fattacker.in%2Fmalware_exists_in_this_page%2F.

Bypass:

http://www.google.com/url?sa=t&url=http%3A%2F%2Fattacker.in%2Fmalware_exists_in_this_page%2F&usg=AFQjCNEBtpLqGPICIMz5TJZqfNsZKtHbRg

“The bypass link will last as long as Google doesn't change its internal algorithm that compares the hash against the provided URL,” researchers said.

Google posted tips to mitigate the risk of abuse of open redirect URLs.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

google redirect security vulnerabilities

Partner Content

How small audio upgrades can enhance your hybrid work and improve business ROI

Partner Content How small audio upgrades can enhance your hybrid work and improve business ROI

Empowering Sustainability: Schneider Electric's Commitment to Driving Customer Success

Partner Content Empowering Sustainability: Schneider Electric's Commitment to Driving Customer Success

Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Partner Content Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML

Partner Content Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML

Sponsored Whitepapers

Protect the data your business relies on

Protect the data your business relies on

The cloud tipping point

The cloud tipping point

How AI will deliver real business value

How AI will deliver real business value

The multicloud imperative

The multicloud imperative

Your multicloud advantage

Your multicloud advantage

Events

iTnews Executive Retreat - Security Leaders Edition

Most Read Articles

WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack

Home Affairs to unleash AI on sensitive government data

Home Affairs to unleash AI on sensitive government data

Watt flags more fed insourcing after BoM website outrage

Watt flags more fed insourcing after BoM website outrage

ASX outage caused by security software upgrade

ASX outage caused by security software upgrade

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories