- Apr 25, 2013
- 5,355
Researcher has discovered a new Timing attack that could unmask Google users under some special conditions.
Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification.
ISSUE REPORTED TO GOOGLE - NO FIX
The issue was responsibly reported to Google Security team by Andrew Cantino, the vice president of engineering at Mavenlink. The search engine giant acknowledged the issue, but declined to fix it because the risk, both in terms of impact and difficulty of exploiting this against a large population, is low.
“I don't really disagree with them— this is hard to fix, and fairly theoretical,” said Cantino, who previously had been awarded a bug bounty from Google multiple times. “Still, I think this is an interesting example of a timing attack, and shows how hard these sorts of issues can be to avoid.”
Full Article
Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification.
ISSUE REPORTED TO GOOGLE - NO FIX
The issue was responsibly reported to Google Security team by Andrew Cantino, the vice president of engineering at Mavenlink. The search engine giant acknowledged the issue, but declined to fix it because the risk, both in terms of impact and difficulty of exploiting this against a large population, is low.
“I don't really disagree with them— this is hard to fix, and fairly theoretical,” said Cantino, who previously had been awarded a bug bounty from Google multiple times. “Still, I think this is an interesting example of a timing attack, and shows how hard these sorts of issues can be to avoid.”
Full Article