Google apps not so secure

Google's online applications'including Gmail and Google
Maps'are vulnerable to attack, according to a pair of
security researchers.


According to an Information Week report, Adrian Pastor,
a security researcher with GNUCitizen.org, posted proof-of-concept code that can inject a
third-party page'a fake login page in Pastor's
example'while the user's browser address bar still displays
the Google domain. This could dupe the user into entering login
details.


Security researcher Aviv Raff added that Google is vulnerable to "a
cross-domain Web-application sharing security design flaw." The
vulnerability Raff discovered reportedly affects other applications
beyond Gmail. According to Raff, applications in Google's
subdomains -- maps.google.com, images.google.com, news.google.com,
mail.google.com, and google.com -- are affected. This means, for
example, that Google Maps can be used to hijack Google, Google
Mail, or Google Apps accounts.


To read the complete Information Week report, click here.



inside gcn

  • man vs robot race (Zenzen/Shutterstock.com)

    Agencies see big upsides to RPA

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group