Google Public Service Search Makes for Easy Phishing 40
lisah writes "According to reports at NewsForge this morning, Developer Eric Farraro has discovered a potential hole in Google's Public Search Service that may leave the door wide open for phishing scams. The Public Search Service, designed to allow universities and other non-profit institutions to add Google search capabilities to their websites, provides code that allows website developers to customize the header and footer of the search results page. Handy (and malicious) coders can manipulate the headers and footers to create what looks like a Google sign-in page and then collect the login names and passwords of unsuspecting users." NewsForge and Slashdot are both owned by OSTG.
report them (Score:1, Funny)
Give a man a fish... (Score:4, Funny)
(Sigh) Its all rather depressing realy. After having the same domain and email address for ten years my spam to real mail ratio is about 500:1 and I can find my email address on decade old usenet posts via Google.
Ackbar'ed (Score:5, Funny)
I love you, Gooooogle (Score:3, Funny)
And you find that the google www.google.com/u/gplus doesnt work now. I'll say one thing. They sure are quick.
How the hell did they manage that gazillion man hours work of disabling a webpage & then testing the fix
of disabling the webpage so quickly.
I bet everyone right from the top to botton at Google must have been working non-stop on
disabling this webpage.
Anyway, Kudos & three cheers to Google on disabling this so quickly.
They surely are amazing. Who knows, maybe they even hired a few thousand extra temporary workers
also to work on disabling this webpage. What a great company.
I love you, Gooooogle
to rephrase this (Score:2, Funny)
Eric Farraro has discovered that phishing might exist...
Re:Give a man a fish... (Score:4, Funny)
Build a man a fire and keep him warm for a night. Set a man on fire and you will keep him warm for the rest of his life.