
SoylentNews is people

posted by cmn32480 on Sunday May 03 2015, @08:12PM
from the whoopsie! dept.

Google has been obliged to revise its Password Alert anti-phishing protection just hours after releasing it when security researchers showed how the technology was easily circumvented.

Security consultant Paul Moore (@Paul_Reviews) has published a proof-of-concept JavaScript exploit that skirted the defensive technology with just seven lines of code.

The Password Alert for Chrome browser plug-in is meant to trigger alerts for users in cases when they are induced to hand over their password to counterfeit sites impersonating Google (other online services aren't covered).

The extension only kicks into action after users have signed into their Google account; thereafter it puts up warnings to reset Gmail passwords in cases where users are taken in by a phish.

The problem is these alerts can be shut down with minimum effort and a few lines of JavaScript planted on counterfeit sites. More specifically, Moore's script looks for a warning banner every five milliseconds before removing anything it detects. Other approaches aimed at preventing humans actually seeing a warning – effectively killing off alerts as soon as they are generated – might also have been possible.

Moore posted a short video on YouTube to highlight his concerns.

http://www.theregister.co.uk/2015/05/01/google_password_alert_easily_disabled_6_lines_javascript/

[Also Covered By]: http://arstechnica.com/security/2015/04/30/behold-the-drop-dead-simply-exploit-that-nukes-googles-password-alert/
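
As an added illustration of the design weakness summarized above (not code from the article, from Moore's proof of concept, or from Password Alert itself): a small simulation of a warning that lives in the page's own DOM, a warning that the extension keeps re-inserting, and a warning shown on an extension-owned surface that page script cannot reach. The node name `warning`, the `READ_MS` threshold and the 7 ms re-insert interval are assumptions made for the model; only the 5 ms sweep comes from the story.

```javascript
// Constructed model, time simulated in 1 ms ticks so the result is deterministic.
const POLL_MS = 5;     // hostile page sweeps its DOM this often (from the story)
const READ_MS = 1000;  // assumption: uninterrupted time a user needs to notice a warning

// strategy:
//   "in-page"     - warning is injected once into the page's DOM
//   "re-insert"   - extension re-adds the in-page warning every reinsertMs
//   "out-of-page" - warning is shown on a surface owned by the extension
function simulate(strategy, totalMs = 3000, reinsertMs = 7) {
  const pageDom = new Set();      // everything the page's own script can touch
  const extensionUi = new Set();  // outside the page; page script has no handle to it
  let run = 0;                    // current stretch of continuous visibility
  let longest = 0;                // longest stretch seen so far

  for (let t = 0; t < totalMs; t++) {
    // Extension side: raise the warning when the password is typed (t = 0).
    if (t === 0) {
      (strategy === "out-of-page" ? extensionUi : pageDom).add("warning");
    }
    if (strategy === "re-insert" && t > 0 && t % reinsertMs === 0) {
      pageDom.add("warning");
    }

    // Page side: the periodic sweep can only remove nodes in its own DOM.
    if (t > 0 && t % POLL_MS === 0) {
      pageDom.delete("warning");
    }

    const shown = pageDom.has("warning") || extensionUi.has("warning");
    run = shown ? run + 1 : 0;
    longest = Math.max(longest, run);
  }
  return { longestVisibleMs: longest, noticed: longest >= READ_MS };
}

// Compare the three strategies side by side.
function compare() {
  return ["in-page", "re-insert", "out-of-page"].map(
    (s) => ({ strategy: s, ...simulate(s) })
  );
}

console.table(compare());
```

In this model, re-inserting the banner never yields more than one sweep interval of continuous visibility, so the race is lost by construction; only moving the warning out of the page's reach changes the outcome.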

  • (Score: 2) by nightsky30 (1818) on Sunday May 03 2015, @11:14PM (#178269)

    Ah, no need for redundancy. Nice!