Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Antiphishing Site Exposed Private User Data

Posted by kdawson on from the self-phishing dept.

Juha-Matti Laurio writes "Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. This information was submitted to Google by Firefox users with the browser's internal antiphishing toolbar. This feature, developed in cooperation with Google, enables users to report potential phishing sites to Google's blacklist database. Google has reportedly implemented a new mechanism detecting login data in submitted URLs to prevent sensitive information from getting posted to the list." The article notes that news of this minor lapse may obscure the ongoing problem of sensitive data exposed on the Web and findable via Google and other search services.

2 of 69 comments (clear)

  1. Nice by madsheep · · Score: 2, Interesting

    Sounds like we have some sites that are passing persistent username and password information in the URL (not just querystrings etc). That's pretty lame. I think Barracuda SPAM Firewall does this as well. Perhaps one of these days we'll just see applications with a higher level of security and won't have to worry about this so much.

  2. Re:Truth about phishing by FooAtWFU · · Score: 3, Interesting

    Whatever we you are talking about, I do not wish to be a member of it. Thank you.

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.