Domain vuln + frame injection = dead ringer spoof pages

Google’s Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users’ login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.…

Full published article at: http://go.theregister.com/feed/www.theregister.co.uk/2008/10/10/google_cross_domain_bug/

This entry was posted on Friday, October 10th, 2008 at 8:19 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.