Wednesday, December 21, 2011

Google Translate security flaw discovered

IceWarp is one of the first developers to sign up as a paying customer for Google Translate V2, and is using it in its LiveWebAssist hosted multilingual business chat service.

IceWarp has discovered that if Google's sample code is used, the customer ID (which controls which of Google's customers is charged for the translation) is embedded in the resulting web page, and can therefore be hijacked by an unscrupulous party to perform translations at someone else's expense.

"Google Translate is an outstanding product, and we are proud to be in the first batch of its paying customers," said IceWarp president Ladislav Goc. "We were really surprised to find out that virtually anyone with basic hacking skills can steal a customer code. It is relatively easy, since Google Translate is typically using JavaScript. The code is visible to everybody directly in the HTML code of the page."

"If someone will open a web site with implemented Google Translate V2 and will 'view code' the [customer ID] is fully visible and can be used on another web site resulting 'free' translation, because the charges will go to the regular paying customer of Google Translator," Mr Goc added. "Risk of such situations is substantial. Free Google translation service will be terminated at the end of 2011, leaving a huge amount of developers and users utilising it now in a limbo. Significant number of these users is likely to be very upset and start looking for both revenge and free service."

IceWarp has found a way to avoid disclosing its Google Translate customer ID by calling Google Translate from the server. "Thus the key is not exposed at all and cannot be stolen and misused," said Mr Goc.
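A sketch of that server-side pattern for Node.js follows. It is an added example, not IceWarp's or Google's code, and the endpoint URL, the `TRANSLATE_API_KEY` environment variable, the length cap and all function names are assumptions. The browser posts text to the site's own server, which attaches the key, calls the v2 endpoint, and returns only the translated strings.

```javascript
// Added example: server-side translation proxy. The browser calls this code,
// never Google directly, so the billing key never appears in page source.
const UPSTREAM = "https://translation.googleapis.com/language/translate/v2"; // assumed endpoint
const MAX_CHARS = 500; // assumed per-request cap to bound cost and URL length
const LANG = /^[a-z]{2,3}(-[A-Za-z]{2,4})?$/; // e.g. "de", "zh-CN"

// Validate what the browser sent and build the upstream call.
// The key is attached here, on the server, and nowhere else.
function buildUpstreamRequest(body, apiKey) {
  if (!apiKey) throw new Error("no API key configured");
  const { text, target } = body || {};
  if (typeof text !== "string" || text.length === 0 || text.length > MAX_CHARS)
    throw new RangeError("text must be 1.." + MAX_CHARS + " characters");
  if (typeof target !== "string" || !LANG.test(target))
    throw new RangeError("invalid target language");
  const params = new URLSearchParams({ key: apiKey, q: text, target, format: "text" });
  return { url: UPSTREAM + "?" + params.toString(), init: { method: "GET" } };
}

// Pass back only the translated strings. Upstream error bodies and URLs are
// never echoed to the browser, since they can reveal the key or account details.
function toClientResponse(upstreamJson) {
  const items = upstreamJson?.data?.translations;
  if (!Array.isArray(items)) return { status: 502, body: { error: "translation failed" } };
  return { status: 200, body: { translations: items.map((t) => String(t.translatedText)) } };
}

// Glue for a route handler; fetchFn is injectable so it can be stubbed offline.
async function handleTranslate(body, apiKey = process.env.TRANSLATE_API_KEY, fetchFn = fetch) {
  let req;
  try {
    req = buildUpstreamRequest(body, apiKey);
  } catch (e) {
    if (e instanceof RangeError) return { status: 400, body: { error: e.message } };
    return { status: 500, body: { error: "server error" } };
  }
  try {
    const res = await fetchFn(req.url, req.init);
    return toClientResponse(await res.json());
  } catch {
    return { status: 502, body: { error: "translation failed" } };
  }
}
```

Because the proxy is itself a billable endpoint, it should sit behind the site's own session or rate limiting so that it cannot be used as an open relay.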


By: Stephen Withers
