Security Alerts & News
by Tymoteusz A. Góral

History
#1388 Google login issue allows credential theft
Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials or, alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process.

A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don’t consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter.

“Google’s login page accepts a vulnerable GET parameter, namely ‘continue’. As far as I can determine, this parameter undergoes a basic check,” Aidan Woods, the researcher who discovered the bug, wrote in an explanation of the flaw.
#1394 How trojans manipulate Google Play
#1393 How we helped to catch one of the most dangerous gangs of financial cybercriminals
#1392 Google won't fix login page flaw that can lead to malware download
#1391 OSX/Keydnap spreads via signed Transmission application
#1390 New ransomware threat deletes files from Linux web servers
#1389 An unsecured database leaves off-the-grid energy customers exposed
#1388 Google login issue allows credential theft