How many people logged in Google visit your website

Posted 19 Oct 2011 in google

Google announced that they are going to switch logged-in people doing a search on http://www.google.com/ to https://; consequently there will be no more search query in the referrer for these people. It should not affect logged-in people doing a search on http://www.google.LOCAL_TLD, like google.fr/google.de… I see people on Twitter asking what share of their visitors are logged in to Google, in order to measure the impact of this change. Guess what? Everybody can know how many logged-in Google users visit their website. Actually, when a logged-in Google visitor arrives on your site from a Google search, he will have a special parameter « sig2=XXXX » in the referrer, a parameter a non-logged-in user won’t have. This parameter is leaked by the « www.google.XXX/url?sa= » URL which is responsible to...

Google plus1 clickjacking attack

Posted 01 June 2011 in clickjacking

EDIT 03/11/2011: Google is now showing a new box below the +1 button, making the attack less effective. I don’t know if we can hide this box; I have neither the time nor the motivation to work on it right now. Well, it looks like the Twitter clickjacking attack I published this morning on the new Twitter follow button also works on the Google plus1 button. You need to have enabled the +1 feature on your Google account before trying the exploit, because the first time you +1 a page, Google will pop up a window to activate the feature. You can enable the feature by clicking on the +1 button below. Afterwards you can try the +1 exploit here, click...

Twitter new follow button clickjacking attack

Posted 01 June 2011 in clickjacking, twitter

Today Twitter released a new follow button which allows you to instantly follow a user by clicking it if you’re connected. You don’t need to go to the Twitter website to follow; everything is done through an iframe. It looks like we can do a clickjacking attack on this iframe. Here is how it works: You set the iframe fully transparent/invisible via CSS. You capture the mouse event. When the user moves the mouse, you move the Twitter button iframe so that it always stays under the cursor. If the user clicks somewhere on your page, he will automatically follow your account. You gain more followers, girls love you. The hack is running on this page, I’ve just set...