Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Google Translate #vulnerability and #exploit

http://www.google.co.uk/translate?hl=en&u=+++mn6i0.tk+%0A%0A++

 

Background: 

"...Google Translate is a free statistical multilingual machine-translation service provided by Google Inc. to translate written text from one language into another..." - Wikipedia

Think of Translate like Douglas Adams's Babel fish, but in an online, text form.

Vulnerability:

The former vulnerability is rather simple. After a few redirects to fool anti-fraud mechanisms, the translated website breaks out of Translate's iframe and redirects the user to a website or content of its choosing.

Solution:

One may use HTML5 sandboxed iframes to prevent the top-level hijacking. Google engineers implemented the HTML5 sandbox to mitigate the vulnerability. But in the interest of those web developers who use Flash, Silverlight and other interesting development tools, Translate lets translators disable "Translated in Safe Mode." This allows the translator to slit their own throat. To each their own.
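The sandbox behaviour described above, as an added example (not code from the original post or from Google): it reports whether a framed page can still redirect the top-level window for a given iframe `sandbox` value. The function names `auditSandbox` and `sandboxOf` are hypothetical, and the sample markup is constructed, not Translate's real output.

```javascript
// Added example: what may a framed page do to the top-level window, given the
// iframe's sandbox attribute? (null means the attribute is absent.)
function auditSandbox(sandboxAttr) {
  if (sandboxAttr === null || sandboxAttr === undefined) {
    return {
      topNavigation: "allowed",
      plugins: true,
      notes: ["no sandbox: framed script can assign top.location"],
    };
  }
  // The attribute is a set of ASCII-whitespace-separated, case-insensitive tokens.
  const tokens = new Set(
    sandboxAttr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean)
  );
  const notes = [];
  let topNavigation = "blocked";
  if (tokens.has("allow-top-navigation")) {
    topNavigation = "allowed";
    notes.push("allow-top-navigation re-enables top-level redirects");
  } else if (tokens.has("allow-top-navigation-by-user-activation")) {
    topNavigation = "user-activation-only";
  }
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    notes.push("same-origin content with both tokens can remove its own sandbox");
  }
  // Any sandboxed frame also has plugins (Flash, Silverlight) disabled.
  return { topNavigation, plugins: false, notes };
}

// Pull the sandbox value out of a simple iframe tag; null if there is none.
// A regex is enough for the constructed samples below, not for arbitrary HTML.
function sandboxOf(tag) {
  const re = /<iframe\b[^>]*?\ssandbox(?=[\s=>\/])(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/i;
  const m = re.exec(tag);
  if (!m) return null;
  return m[1] ?? m[2] ?? m[3] ?? "";
}

// Constructed samples (assumed markup, not Translate's real output).
const samples = {
  safeModeOn: '<iframe src="https://example.test/translated" sandbox="allow-scripts allow-forms">',
  safeModeOff: '<iframe src="https://example.test/translated">',
};
for (const [name, tag] of Object.entries(samples)) {
  console.log(name, auditSandbox(sandboxOf(tag)));
}
```

The `safeModeOff` case corresponds to disabling "Translated in Safe Mode": plugins work again, and so does the top-level redirect.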

 
