Google Base, which was launched in beta version on Wednesday, provides users a way to post and classify information. These contents posted by users will also appear at Google’s web index, Froogle shopping site and its local business directories.
Recently, Google has patched a security problem with its content-hosting service. The security problem allowed attackers to steal sensitive information and cookies from Google Base and helped the attackers to insert counterfeit forms within Google Base pages. The problem, called a cross-site scripting vulnerability, faced both Yahoo’s mapping service and Google’s search service.
According to Jim Ley, the U.K computer specialist who discovered the bug, the problem was easy to find.
“It was due to incompetent programming on Google’s part. Obviously, there has been no security testing and there were cross-site-scripting holes in Google Base,” Jim Ley posted in his blog.
While its adversaries such as Microsoft has been publicly describing the security measures for improvement of its services, Google refused to talk about its new content-hosting service and its security measures.
“Google didn’t contact me to acknowledge my report regarding the bug. Google appear to have a complete silence approach to security, I guess they think what the public don't know can't worry them,” Jim Ley posted in his blog.
According to Paul Mutton, an Internet Services Developer with Netcraft, the nature of the problems discovered by Ley provides attackers with the tools to create sites with a good level of plausibility because the base URL would be that of a well-known brand - in this case Google or Yahoo.
"These flaws show that companies like Google and Yahoo has two choices: they need to improve testing their products or risk losing the public trust," wrote Mutton on Netcraft's website.
Both reporters and security experts have criticized Google's secretiveness about its products and its security developments. Search Giant Google remains silent regarding this issue.