While preparing to use Google Translate V2 in its LiveWebAssist system a company uncovered a security flaw in Google Translate. IceWarp discovered that if Google’s sample code is used, the customer ID (which controls which of Google’s customers is charged for the translation) is embedded in the resulting web page, and can therefore be hijacked by an unscrupulous party to perform translations at someone else’s expense.
“Google Translate is an outstanding product, and we are proud to be in the first batch of its paying customers,” said IceWarp president Ladislav Goc. “We were really surprised to find out that virtually anyone with basic hacking skills can steal a customer code. It is relatively easy, since Google Translate is typically using JavaScript. The code is visible to everybody directly in the HTML code of the page.”
See: iTWire
Comments about this article
Estados Unidos
Local time: 17:10
ruso al inglés
+ ...
Anybody know if this is for real? The iTWire article is not written in very good English, and I don't understand all of it. (Sample code? What's that?)
Francia
Local time: 23:10
inglés al francés
+ ...
Anybody know if this is for real? The iTWire article is not written in very good English, and I don't understand all of it. (Sample code? What's that?)
This article only concerns usage of Google Translate to produce a web page.
The article is not very accurate technically either.
It is relatively easy, since Google Translate is typically using JavaScript.
It isn't.
The code calling Google Translate *can* use JavaScript.
CAT tools, typically, would not use it.
"Sample code" is just an example of a program.
Didier
Local time: 17:10
alemán al inglés
It's an account and server configuration issue for website administrators. It only applies to websites which are using the paid version of Google Translate to provide automated online translations.
There was no need for the press release, except to draw attention to IceWarp. There's not even a real security issue there, because no competent web development team would be so foolish put their private ... See more
It's an account and server configuration issue for website administrators. It only applies to websites which are using the paid version of Google Translate to provide automated online translations.
There was no need for the press release, except to draw attention to IceWarp. There's not even a real security issue there, because no competent web development team would be so foolish put their private API key in the publicly visible source code for a web page.
Would a web developer put a database password in publicly visible source code? No. Can web applications securely interact with a database? Yes. But how? Don't ask IceWarp; they'll make it sound like they just discovered fire and are now working on the wheel.
For PC Magazine's take on this non-issue, see:
http://securitywatch.pcmag.com/none/291133-google-rebuffs-customer-s-security-flaw-claim ▲ Collapse
To report site rules violations or get help, contact a site moderator:
You can also contact site staff by submitting a support request »
This discussion can also be accessed via the ProZ.com forum pages.