SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Google Password Alert could be Foiled with Just 7 Lines of JavaScript
Date    Sunday May 03 2015, @08:12PM
Author    cmn32480
from the whoopsie! dept.
https://soylentnews.org/article.pl?sid=15/05/03/131216

AnonTechie writes:

Google has been obliged to revise its Password Alert anti-phishing protection just hours after releasing it when security researchers showed how the technology was easily circumvented.

Security consultant Paul Moore (@Paul_Reviews) has published a proof-of-concept JavaScript exploit that skirted the defensive technology with just seven lines of code.

The Password Alert for Chrome browser plug-in is meant to trigger alerts for users in cases when they are induced to hand over their password to counterfeit sites impersonating Google (other online services aren't covered).

The extension only kicks into action after users have signed into their Google account; thereafter it puts up warnings to reset Gmail passwords in cases where users are taken in by a phish.

The problem is these alerts can be shut down with minimum effort and a few lines of JavaScript planted on counterfeit sites. More specifically, Moore's script looks for a warning banner every five milliseconds before removing anything it detects. Other approaches aimed at preventing humans actually seeing a warning – effectively killing off alerts kill[sic] as soon as they are generated – might also have been possible.

Moore posted a short video on YouTube to highlight his concerns.

http://www.theregister.co.uk/2015/05/01/google_password_alert_easily_disabled_6_lines_javascript/

[Also Covered By]: http://arstechnica.com/security/2015/04/30/behold-the-drop-dead-simply-exploit-that-nukes-googles-password-alert/

Links

  1. "AnonTechie" - https://soylentnews.org/~AnonTechie/
  2. "Paul Moore" - https://ramblingrant.co.uk/
  3. "seven lines of code" - https://twitter.com/Paul_Reviews/status/593722652835061761
  4. "short video on YouTube" - https://www.youtube.com/watch?v=HwEGYwCgqtk


printed from SoylentNews, Google Password Alert could be Foiled with Just 7 Lines of JavaScript on 2024-03-29 10:06:18