Google cross domain bug proof of concept

Google's Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users' login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.

A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ethical hacking collective, exploits a weakness in the domain that allows him to inject third-party content into Google pages. The result is this page, which allowed him (at time of writing, anyway) to display a fraudulent Gmail login page that displayed in the browser's address bar.

Link: The Register

Report a problem with article
Previous Story

Opera promises faster surfing with new browser

Next Story

Wal Mart decides to keep DRM Servers

10 Comments - Add comment