HD Moore of Metasploit wrote to tell us that they have been doing some testing to see who has been naughty and who has been nice. Metasploit found a potential XSS vulnerability in Google's search appliance and worked with Google to get a patch issued. Details are at http://metasploit.com/research/vulns/google_proxystylesheet/.
One day after the patch came out, Moore did a bit of Internet analysis and reported this: "Nov 22 2005 - Quite a few people were wondering what percentage of the Internet-accessible appliances have yet to apply the patch. We decided to do some statistical sampling and find out. We selected 43 appliances at random from a Google query for inurl:proxystylesheet. Of these 43 systems, 23 were confirmed vulnerable (non-invasively), 8 were definitely patched, and the remaining 12 could not be determined one way or another (for a variety of reasons). If we assume this sample was anything close to the real distribution, we are talking about over half (53%) of all appliances being unpatched."
Marcus, ISC Handler, Nov 23rd 2005
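The sample quoted above is small, so the patch-rate estimate carries a wide margin. The following is an added example, not part of the original diary or of Metasploit's analysis: it computes a 95% Wilson score interval for the quoted counts under three treatments of the 12 undetermined systems. It assumes the 43 appliances are a simple random sample; the function and scenario names are hypothetical.

```python
"""Added example: uncertainty around the 23-of-43 sample quoted above."""
from math import sqrt
from statistics import NormalDist

# Counts quoted in the diary entry.
VULNERABLE, PATCHED, UNDETERMINED = 23, 8, 12


def wilson_interval(successes, trials, confidence=0.95):
    """Wilson score interval for a binomial proportion."""
    if trials <= 0 or not 0 <= successes <= trials:
        raise ValueError("need 0 <= successes <= trials and trials > 0")
    z = NormalDist().inv_cdf(0.5 + confidence / 2)
    p = successes / trials
    denom = 1 + z * z / trials
    centre = (p + z * z / (2 * trials)) / denom
    half = z * sqrt(p * (1 - p) / trials + z * z / (4 * trials ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def scenarios(vulnerable, patched, undetermined):
    """Point estimate and interval under three treatments of the unknowns."""
    total = vulnerable + patched + undetermined
    cases = {
        # Every undetermined system counted as patched (the quoted 53%).
        "unknowns all patched": (vulnerable, total),
        # Undetermined systems dropped from the sample.
        "unknowns excluded": (vulnerable, vulnerable + patched),
        # Every undetermined system counted as vulnerable.
        "unknowns all vulnerable": (vulnerable + undetermined, total),
    }
    return {name: (k / n, *wilson_interval(k, n)) for name, (k, n) in cases.items()}


if __name__ == "__main__":
    for name, (p, lo, hi) in scenarios(VULNERABLE, PATCHED, UNDETERMINED).items():
        print(f"{name:24s} {p:6.1%}  95% CI {lo:.1%} to {hi:.1%}")
```

The 53% figure corresponds to the first scenario, which treats all 12 undetermined systems as patched, so it is the lowest of the three point estimates.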