Google apps not so secure

Google's online applications'including Gmail and Google
Maps'are vulnerable to attack, according to a pair of
security researchers.


According to an Information Week report, Adrian Pastor,
a security researcher with GNUCitizen.org, posted proof-of-concept code that can inject a
third-party page'a fake login page in Pastor's
example'while the user's browser address bar still displays
the Google domain. This could dupe the user into entering login
details.


Security researcher Aviv Raff added that Google is vulnerable to "a
cross-domain Web-application sharing security design flaw." The
vulnerability Raff discovered reportedly affects other applications
beyond Gmail. According to Raff, applications in Google's
subdomains -- maps.google.com, images.google.com, news.google.com,
mail.google.com, and google.com -- are affected. This means, for
example, that Google Maps can be used to hijack Google, Google
Mail, or Google Apps accounts.


To read the complete Information Week report, click here.



Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.