Google Open to Frame Injection Attack
Posted in Report has it that Google is vulnerable to a frame injection attack that could be used to phish login credentials from Google users. The vulnerability can open up a vector of attack through other applications beyond Gmail.Â
Any applications in Google’s roster of canonical domains: maps.google.com, images.google.com, news.google.com, mail.google.com, and google.com are potentially vulnerable. The attacker can perform the phish without needing to bypass XSS/HTML filters or even break into the a targeted Google server which makes it even more dangerous.
Frame Injection Proof of Concept Code
Aviv’s, the security researcher who disovered vuln.  blog entry:
Popularity: 7% [?]
interesting article though
not really sure the whole frame injection concept though
thanks
I am wondering why Google and other big organizations don’t work on such threats. It is really scary if someone who trust these big organizations loses his/her data. I think it would be much better if they work on vulnerabilities portion of their applications as well.
My nerves are shaking after reading this. Calling the attention of the best “fighters” for this kind of “intruder”. Should be put to halt before it starts wrecking this hitech world.
So what’s Google gonna do now?
If you want to make sure your secure try using a proxy when logging into things, besides, google would have fixed this in no time.