Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - Google's Anti-Phishing Plug-In Leaked Passwords

eldavojohn writes: "There's a brief article on Ars Technica about how Finjan Inc. (a security provider) found a security problem with Google's anti-phishing plug-in for Mozilla Firefox and covertly contacted Google about it. From the article,
How did an anti-phishing plugin wind up exposing user names and passwords to the general public? Google's software used a public blacklist, available from Google's servers, which listed sites that were fraudulently pretending to be banking or other financial institutions. Unfortunately, some of these sites embedded usernames and passwords directly into the URL — obviously phishing sites didn't have concerns about security — and were thus viewable by anyone.
So you might be asking why this isn't bigger news. Well, Google has since fixed this problem and turned this issue into a non-issue. One must wonder whether this form of bug discovery is more sensible or 'correct' than the constant Microsoft bugs published online. Perhaps if Google continues to handle low key notices seriously, they'll never find themselves in the same position as Microsoft?"

"It doesn't much signify whom one marries for one is sure to find out next morning it was someone else." -- Rogers

Working...