Google’s Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users’ login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.

A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ethical hacking collective, exploits a weakness in the google.com domain that allows him to inject third-party content into Google pages. The result is this page, which allowed him (at time of writing, anyway) to display a fraudulent Gmail login page that displayed mail.google.com in the browser’s address bar.

Download Mozilla Firefox now!

Related posts:

1. Bing.com accepting Google but doesn’t accepts Microsoft as it’s Sub-Domain. Im having the Proof
2. How to Create a Page Template in WordPress
3. The Google Image Search Engine Gets Makeover
4. Google Search Advanced Operators – Cheat Sheet
5. Dreamhost Hosting Discount: Webhosting + Free Domain for just $2.95