Full Disclosure mailing list archives
GooglePlus Readers and Privacy issues
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml () tehtri-security com>
Date: Sat, 13 Aug 2011 21:08:38 +0200
Gents, Some Google Plus readers might reveal your IP address and interesting technical information while you read some kind of "malicious" G+ profiles. It's related to the structure of the web page of G+ profiles and the way they are loaded/displayed with such a client. Example of vulnerable G+ client: the iPhone Google+ app is vulnerable to this privacy issue. More public information shared with a quick note on our blog: => http://blog.tehtri-security.com/2011/08/googleplus-reader-privacy-checker.html If you want to do a quick test of your own G+ client, just read our G+ profile, and check if your IP address is revealed in the red box (picture): => https://plus.google.com/109460715054555475038 Join us for more hacking tricks and vulnerabilities during our next trainings: HITB Kuala Lumpur 2011 and Black Hat Abu Dhabi 2011. Best regards, Laurent Oudot, CEO TEHTRI-Security http://www.tehtri-security.com/ @tehtris _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- GooglePlus Readers and Privacy issues Laurent OUDOT at TEHTRI-Security (Aug 13)