Security

Google's Anti-Phishing Plug-In Leaked Passwords

Submitted by eldavojohn
eldavojohn writes "There's a brief article on Ars Technica about how Finjan Inc. (a security provider) found a security problem with Google's anti-phishing plug-in for Mozilla Firefox and covertly contacted Google about it. From the article,
How did an anti-phishing plugin wind up exposing user names and passwords to the general public? Google's software used a public blacklist, available from Google's servers, which listed sites that were fraudulently pretending to be banking or other financial institutions. Unfortunately, some of these sites embedded usernames and passwords directly into the URL — obviously phishing sites didn't have concerns about security — and were thus viewable by anyone.
So you might be asking why this isn't bigger news. Well, Google has since fixed this problem and turned this issue into a non-issue. One must wonder whether this form of bug discovery is more sensible or 'correct' than the constant Microsoft bugs published online. Perhaps if Google continues to handle low-key notices seriously, they'll never find themselves in the same position as Microsoft?"
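
As an added illustration of the failure mode described in the quoted article (this is not Google's or Finjan's code), the following Python example scrubs credentials from URLs before a blocklist is published. It assumes the credentials sit in the URL's userinfo or in query parameters with the names listed in `SENSITIVE`; the page does not say which form the listed URLs took, and the sample entries are constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed credential-bearing parameter names (illustrative, not from the page).
SENSITIVE = {"user", "username", "login", "email",
             "pass", "passwd", "password", "pwd", "pin"}

def scrub(url):
    """Return (clean_url, findings); findings names each credential-bearing part."""
    parts = urlsplit(url)
    findings = []
    # Rebuild the authority from host and port only, dropping user:password@.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo")
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    # Keep the parameter names (useful for matching) but not the victims' values.
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            findings.append(f"query:{name}")
            value = "REDACTED"
        query.append((name, value))
    # The fragment is dropped; it is never sent to a server and may hold data too.
    return urlunsplit((parts.scheme, netloc, parts.path, urlencode(query), "")), findings

def publishable(urls):
    """Scrub every entry and de-duplicate, preserving first-seen order."""
    return list(dict.fromkeys(scrub(u)[0] for u in urls))

# Constructed sample entries; hosts, names and values are made up.
SAMPLE = [
    "http://phish.example/login.php?user=alice&password=hunter2&step=2",
    "http://phish.example/login.php?user=carol&password=letmein&step=2",
    "http://bob:s3cret@bank-verify.example/account",
    "http://plain.example/index.html",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        clean, findings = scrub(entry)
        print(clean, findings)
```

Credentials placed in path segments are not covered by this example; a publisher that needs only host and path matching can avoid the problem by omitting query strings entirely.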