Google has a well known product called Google Enterprise Appliance which lets you run “Google” yourself — for your own site.
The vulnerability, which follows a similar exploit in the Google appliances from last year, has not been exploited to anyone’s knowledge, a Google spokesman said in a statement.
There was a nasty bug found in the appliance which let attacks happen more easily by inserting HTML or JavaScript into the actual search results. Therefore, whenever someone searched for that specific term, JavaScript would be executed and possibly could harm that user’s machine.
“They’re afraid of a coordinated misinformation attack,” said Herron. “People would be led to sites with real government URLs but with fake information.”
Here’s another problem they are running into. People are being directed to fake websites that do not have the right information. This can be termed “phishing” because you are being directed somewhere that you believe to be right — such as Paypal as commonly known to be phished — but you are being directed to a “setup” website that just takes your information and then uses it against you.
