Google's Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users' login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.
A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ethical hacking collective, exploits a weakness in the google.com domain that allows him to inject third-party content into Google pages. The result is this page, which allowed him (at time of writing, anyway) to display a fraudulent Gmail login page that displayed mail.google.com in the browser's address bar.
Download Mozilla Firefox now!
Like this post? Don't miss another, Subscribe to this Blog. It FREE!
Add to Technorati Favorites
THIS POST IS SPONSORED BY
Place your ad on thousands of sites with BidVertiser. Get $20 in FREE clicks.
0 comment(s)
Post a Comment