Hosting Google gadgets make it easier for phishers?
The gmodules.com domain used to host Google gadgets can be used by phishers, said security researcher and CEO of SecTheory Robert Hansen.
Hansen stated that gmodules.com can be used by phishers to bypass anti-phishing filters. An attacker could create a phishing site on the gmodules.com domain, and then send the victim a link to it. Since the domain gmodules.com, being owned by Google, is trusted, anti-phishing filters pass it and the victim gets to the “left” website.
Robert Hansen, a frequent critic of Google, reported this problem to the company's security team, but they said there was no cause for concern. Dissatisfied with the conversation, Hansen says that "if they leave everything as it is, he guarantees that it will be used in [phishing] attacks."
Hansen stated that gmodules.com can be used by phishers to bypass anti-phishing filters. An attacker could create a phishing site on the gmodules.com domain, and then send the victim a link to it. Since the domain gmodules.com, being owned by Google, is trusted, anti-phishing filters pass it and the victim gets to the “left” website.
Robert Hansen, a frequent critic of Google, reported this problem to the company's security team, but they said there was no cause for concern. Dissatisfied with the conversation, Hansen says that "if they leave everything as it is, he guarantees that it will be used in [phishing] attacks."
')
Source: https://habr.com/ru/post/13369/
All Articles