[Infowarrior] - Russian hackers exploited a Google flaw the company has refused to fix

[Richard Forno]

Russian hackers exploited a Google flaw the company has refused to fix

Hacker team “Fancy Bear” used a Google security flaw to attack journalists, and the tech giant has done nothing

Matthew Sheffield2017-09-24T15:00:30Z•2017-09-24T15:00:30Z

A hacking team reportedly linked to the Russian government has been utilizing a security flaw in a Google service to launch attacks on investigative journalists. The web giant has known about the vulnerability since November of last year but has still failed to fix it.

The security bug lies within Google's implementation of a new internet standard it has been trying to promote called Accelerated Mobile Pages (AMP). Google has marketed AMP as a way of optimizing web pages for smartphones. Launched in late 2015, AMP is designed to provide simpler versions of websites that can load faster on the often slower data connections and microprocessors used by mobile devices.

To further speed things up for smartphone users, Google preloads copies of AMP pages listed in search results so they can be instantly loaded if they are subsequently clicked. The only way this background loading of pages can be accomplished is to give the cached pages Google.com URLs.

< - >

http://www.salon.com/2017/09/24/russian-hackers-exploited-a-google-flaw-and-google-wont-fix-it/