A well-known programming error left the newly opened service to Google

Diario Ti: Google Buzz has received strong criticism after its release. According to initial reports, a failure in the mobile version would be made possible, at least in theory, attacks by a cross-site scripting.

Microsoft, meanwhile, has assured that cares Buzz”, while the government of Canada is investigating the privacy policy of Google’s new service.

The latest negative news about Buzz has been filed by the computer security expert Robert Hansen, president of SecTheory, who says that Buzz could be easily hacked. Hansen himself was informed of a hacker named TrainReq, known in hacker circles for having spoken the email account of Miley Cyrus, stole photographs from which was subsequently made available without permission from the artist.

Hansen said that Google programmers have made a mistake and that the service could easily be spoken by intruders, using the so-called cross site scripting, which allows servers to run malicious code on others (in this case Google).

Thus, an attacker could publish a text in the account of a user of Google and use it later for phishing. Whereas knowledge of the user believes that the message comes from this person, you may induce them to click on links that would otherwise not activated, said Hansen.

Google fixed the problem immediately, a situation which was verified by Hansen himself. Indeed, the script in question is now presented only in text without being interpreted or executed by the browser.

According to Hansen, then it was a shameful mistake for a respected company as big as Google. The expert concluded by wondering how you can feel safe with all the information Google collects from its users when the company is not able to adequately secure their own services.