
Researcher Bypasses Google Password Alert For Second Time

Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using JavaScript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.

Bing Now Nearly As Good As Google — Says Microsoft

An anonymous reader writes "Harry Shum, who oversees research and development for Microsoft's Bing search engine, believes his company has now matched Google's ability to build software platforms that can harness the power of tens of thousands of servers. 'For many years, we've really tried to play the catch-up game,' Shum says. 'And now we feel that after a lot of effort, we understand search quality problems better than before, and that if you look at Google and Bing, the quality is beginning to be very comparable.' While his comments might be a little biased, many people do share the same opinion. How do you feel about Bing's search results compared to Google's? For example DuckDuckGo, the privacy-oriented search engine, uses Bing's back-end and has gained a small following on Slashdot."
