Tuesday, December 7, 2010

Security Alert from Google Website Optimizer

A potential security risk has been addressed by Google, and they caution that there is an ability for a hacker to execute malicious code on your site using XSS (cross site scripting) within the Website Optimizer Script. The attack's are a low probability, but Google does advise that you take necessary precautions to protect your website.

The bug itself has been fixed, therefore they will not affect any new experiments. However, experiments that are currently running need to be updated. If you have any Website Optimizer scripts paused or stopped that were created before December 3, 2010, you need to update that code or remove it.

Updating the Code:

(Choose One of two ways)

1. Stop current experiments, remove old scripts, and create a new experiment.
2. Update the code on your site directly.

Creating a new experiment is essentially the easier option. More information can be found at this blog as far as specific html coding to update.

via Google Website Optimizer Team

No comments: