[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] GooglePlus Readers and Privacy issues

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] GooglePlus Readers and Privacy issues
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 13 Aug 2011 21:08:38 +0200

Gents,

Some Google Plus readers might reveal your IP address and interesting
technical information while you read some kind of "malicious" G+ profiles.

It's related to the structure of the web page of G+ profiles and the way
they are loaded/displayed with such a client.

Example of vulnerable G+ client: the iPhone Google+ app is vulnerable to
this privacy issue.

More public information shared with a quick note on our blog:
=>
http://blog.tehtri-security.com/2011/08/googleplus-reader-privacy-checker.html

If you want to do a quick test of your own G+ client, just read our G+
profile, and check if your IP address is revealed in the red box (picture):
=> https://plus.google.com/109460715054555475038

Join us for more hacking tricks and vulnerabilities during our next
trainings: HITB Kuala Lumpur 2011 and Black Hat Abu Dhabi 2011.

Best regards,

Laurent Oudot, CEO TEHTRI-Security
http://www.tehtri-security.com/
@tehtris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDVSA-2011:123 ] squirrelmail
Next by Date: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x0C
Previous by thread: [Full-disclosure] [ MDVSA-2011:123 ] squirrelmail
Next by thread: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x0C
Index(es):
- Date
- Thread