dcsimg
Linux Today: Linux News On Internet Time.





NewsForge: Google Public Service Search Makes for Easy Phishing

Sep 18, 2006, 09:00 (0 Talkback[s])
(Other stories by Joe Brockmeier)

"You might want to be very careful before entering your username and password on any 'new' services from Google. Developer Eric Farraro has uncovered a potential hole in Google's Public Search Service that allows a malicious (or mischievous) person to put up a fake Google sign-in page to collect usernames and passwords for real Google services.

"I found a question this morning on Ask MetaFilter about a supposed new service called Gmail Plus. The URL, www.google.com/u/plus, looked legit. In my pre-caffeinated state, I almost entered my Google username and password to see what sort of pre-announced Google service this MeFi-er had turned up. Instead, I went ahead and checked the comments and found that signing in would have been a very, very bad idea..."

Complete Story

Related Stories: