News Another Phishing Hole Found in Google

Discussion in 'Article Discussion' started by GreatOldOne, 22 Oct 2004.

  1. GreatOldOne

    GreatOldOne Wannabe Martian

    Joined:
    29 Jan 2002
    Posts:
    12,092
    Likes Received:
    112
    More fresh phish from Searchzilla, only a day after they plugged the last one. This from eWeek:

    Google Inc. said on Thursday it fixed a flaw in its site that could allow outsiders to launch phishing attacks based on Google's familiar interface, and is working on a second fix for another similar vulnerability.

    The flaw, which was discovered and posted to Symantec Corp.'s Bugtraq security site on Tuesday. The bulletin demonstrated the ability of hackers using JavaScript to modify and enter their own content within Google's site in order to obtain personal information, including credit card numbers.

    "It's not going to trick people going to Google.com, but if you can get someone to open your site, which looks like Google's site, it's really quite clever," said Paul Mutton, an Internet services developer for Netcraft Ltd., a security and analyst firm based in Bath, England. "The user sees a URL address that starts with Google, and appears to be a Google Web site. Because it's their domain, people wouldn't question what they're seeing."


    More here, but you may need a rod license... ;)
     
Tags: Add Tags

Share This Page