“
Google (NSDQ: GOOG)'s online applications are vulnerable to attack, two security researchers claimed Friday. Google Gmail, for example, is vulnerable to a frame injection attack that could be used to phish login credentials from Google users.
Adrian 'pagvac' Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page -- a fake login page in Pastor's example -- while the user's browser address bar still displays the Google domain. This could dupe the user into entering login details.
"The beauty of frame injection attacks is that the attacker is able to impersonate a trusted entity without needing to bypass XSS/HTML filters or even break into the target server," explains Pastor on the GNUCitizen site.
” source...