Slashdot Mirror


Google Public Service Search Makes for Easy Phishing

lisah writes "According to reports at NewsForge this morning, developer Eric Farraro has discovered a potential hole in Google's Public Search Service that may leave the door wide open for phishing scams. The Public Search Service, designed to allow universities and other non-profit institutions to add Google search capabilities to their websites, provides code that allows website developers to customize the header and footer of the search results page. Handy (and malicious) coders can manipulate the headers and footers to create what looks like a Google sign-in page and then collect the login names and passwords of unsuspecting users." NewsForge and Slashdot are both owned by OSTG.

6 of 40 comments

  1. report them by gEvil (beta) · · Score: 1, Funny

    Quick, someone report them to stopbadware.org!

    --
    This guy's the limit!
  2. Give a man a fish... by Kenja · · Score: 3, Funny

    Give a man a fish and he can eat for one day, teach a man to phish and he can annoy millions of people for the rest of his (hopefully short) life.

    (Sigh) It's all rather depressing really. After having the same domain and email address for ten years my spam to real mail ratio is about 500:1 and I can find my email address on decade-old Usenet posts via Google.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Give a man a fish... by AugustZephyr · · Score: 4, Funny

      On a similar note....
      Build a man a fire and keep him warm for a night. Set a man on fire and you will keep him warm for the rest of his life.

  3. Ackbar'ed by Infinityis · · Score: 4, Funny

    IT'S A TRAP

  4. I love you, Gooooogle by Frankie70 · · Score: 2, Funny


    And you find that the google www.google.com/u/gplus doesn't work now. I'll say one thing. They sure are quick.


    How the hell did they manage that gazillion man hours work of disabling a webpage & then testing the fix
    of disabling the webpage so quickly?

    I bet everyone right from the top to bottom at Google must have been working non-stop on
    disabling this webpage.

    Anyway, Kudos & three cheers to Google on disabling this so quickly.
    They surely are amazing. Who knows, maybe they even hired a few thousand extra temporary workers
    also to work on disabling this webpage. What a great company.

    I love you, Gooooogle

  5. to rephrase this by AlgorithMan · · Score: 2, Funny
    "coders can [...] create what looks like a Google sign-in page and then collect the login names and passwords of unsuspecting users."
    to rephrase this:
    Eric Farraro has discovered that phishing might exist...
    --
    The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes