Slashdot Mirror


Google Bolsters Security To Prevent Another Google Docs Phishing Attack (zdnet.com)

Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.

25 comments

  1. You know what else is bolstered? by Anonymous Coward · · Score: 0

    MY BALLS!!! Suck 'em, nerds!

    1. Re: You know what else is bolstered? by Anonymous Coward · · Score: 0

      mod parent up and suck all our DAMN balls

    2. Re: You know what else is bolstered? by Anonymous Coward · · Score: 0

      I sucked 'em...best balls ever!!!

    3. Re: You know what else is bolstered? by Anonymous Coward · · Score: 0

      I didn't suck 'em, I just jangled 'em a little. Not bad.

  2. What if I don't use Chrome? by Anonymous Coward · · Score: 0

    "Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen."

    Does this mean that non-Chrome users are still vulnerable to this attack? I am not concerned about myself as I know how to handle this. Just wondering how would common folks handle this if they are not using Chrome.

    1. Re:What if I don't use Chrome? by Anonymous Coward · · Score: 0

      The common people should all install Chrome immediately. I think that admonition was part of Google's announcement.

  3. What's the algorithm? by guruevi · · Score: 1

    Does it send every site I visit to Google to check against some scammer database? Does it internally recognize the Google logo? I can't imagine that there is some HTML magic sauce that makes one site appear legitimate while the other isn't so there will be simple ways to avoid detection.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com

    1. Re:What's the algorithm? by Anonymous Coward · · Score: 0

      Don't be naive. It sends everything you access back to Google. It is called Google Safe Browsing (phishing & malware protect)

  4. Comes too late for Podesta by DNS-and-BIND · · Score: 1

    Well, this is too late for Podesta, whose password reset email is archived for public viewing here. If Google had had this protection back then, he would likely be Secretary of State under Hillary now. But instead he's stewing in his own juices, infuriated over the election result. Why's he so upset, though? I thought he was used to coming in a little behind...

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!

    1. Re:Comes too late for Podesta by tlhIngan · · Score: 1

      Well, this is too late for Podesta, whose password reset email is archived for public viewing here. If Google had had this protection back then, he would likely be Secretary of State under Hillary now. But instead he's stewing in his own juices, infuriated over the election result. Why's he so upset, though? I thought he was used to coming in a little behind...

      Actually, I believe Podesta thought the email was phishy, and asked his much more knowledgeable IT friends about it, both of whom said it was fine to click. So he followed their advice, knowing that they'd be more into the whole phishing thing.

    2. Re:Comes too late for Podesta by Anonymous Coward · · Score: 0

      Don't think it would have mattered.

      The right would just latch on to something equally polarizing, such as the Russian connection and the left.

    3. Re:Comes too late for Podesta by Anonymous Coward · · Score: 0

      I don't know if he asked a friend, but it was the DNC "professional" IT department who later said it was a typo when he told Podesta that the email was legitimate. To the professional's credit he did clearly give Podesta the correct link straight to Google but they ended up following the bit.ly anyways.

  5. Allow Risky Access Permissions By Unreviewed Apps by Anonymous Coward · · Score: 0

    Google recently implemented a verification process for Projects using certain features and scopes, in response to phishing attacks. However, they have also created a method to bypass the verification process when using Projects for personal use.

    You will need to join the ‘Allow Risky Access Permissions By Unreviewed Apps’ Google group to bypass the verification. After authenticating, you can then leave this group.

  6. Interstitial Screens.. Ugh... by Anonymous Coward · · Score: 0

    I fucking HATE interstitials. I will not be using Google Docs anymore if I start getting a bunch of goddamn motherfucking interstitials every time I try to do something.

  7. And so the walled garden begins by goombah99 · · Score: 2

    First they warn you about 3rd party apps that have not kowtowed to Google. Next they will only run Google-approved apps. And already many apps only run on Chrome.

    --
    Some drink at the fountain of knowledge. Others just gargle.

    1. Re:And so the walled garden begins by Anonymous Coward · · Score: 0

      Where have you been the past 3 years? This has been going on for some time and so many people in our community have been looking the other way.

    2. Re:And so the walled garden begins by Anonymous Coward · · Score: 0

      "Chat concepts" are out. Put everything on verified "App Stores"!

      Really, it makes sense. People don't want to talk to each other. Their real frustration is with the "drive-by web" that gives them no opportunity to place trust in their favorite brands by making themselves vulnerable.

  8. "Google will protect you!" by Anonymous Coward · · Score: 1

    Substitute any $TECHCO you want for Google.

    We're seeing a trend more and more to remove control of users over their own devices, and replace it with corporate control. Then things are done "to protect us" from $THREATOFTHEDAY.

    The problem is: I cannot protect myself, if what's happening is hidden from me and my device treats me as the enemy, and I have a much, much better security track record than almost any $TECHCO. ("We take your security seriously" -> repeated ad nauseam after yet another breach impacting 40 millions...) The more opaque personal computing becomes, the more we have to trust someone else to "get it right", and usually they don't, because they have a highly conflicting priority of making everything trivial to use for the very dumbest consumers.

    Also, the more we centralize this, the bigger that central target becomes, and the larger the scale of the breach when it happens. 30 years ago someone's computer is compromised and one person is harmed. Now, Google's data store is compromised and billions of people are harmed.

    1. Re:"Google will protect you!" by 93+Escort+Wagon · · Score: 1

      I am the Google Robot.
      I am here to protect you.
      Grandma is protected at the bottom of the stairs.

      --
      #DeleteChrome

    2. Re:"Google will protect you!" by Anonymous Coward · · Score: 0

      The major problem is that nobody wants to understand what's going on.

      The average non-tech user thinks that they won't understand ANYTHING / they're afraid to break things / want it to work without hassle, so they'll always click Yes without reading anything or understanding what a website even is. My parents regularly go online and often confuse a website for an app.

      As such, it's necessary for a governing body to take care of things. APL proved as much, as much as I don't like it. The noobs flock to it because they have the reputation that you can't break anything (even though you totally can, but it won't tell you it's broken)

  9. I'm a big gay baby ... apk by Anonymous Coward · · Score: 0

    You knew I'd show up in this article! But I'm here to talk about v2 of my revolutionary hosts tool. It's a local DNS recursor that CNAMEs everything to imabiggaybaby.com. Then I use my hosts file for slashdot.org so I can post here. This fits all my web browsing needs.

    APK

  10. Impersonating me AGAIN? lol... apk by Anonymous Coward · · Score: 0

    See subject: Is that the "best ya got"? Yes. It's not worth squat (like you & "your kind").

    * Unbelievable! All your jew satanist SAUL ALINSKY tactics of "ridicule" & "attack, Attack, ATTACK" crap fails vs. facts & truth, every single time - especially vs. me (as what I use = facts/truth).

    (Am I working on a BETTER version of my already decent (proof's in the link in my 'p.s.' below) program? Yes. I've already boosted the slowest part of it, false positive filtration, by gaining 33++% better performance - & I'm FAR from done!)

    APK

    P.S.=> Clue for losers like you: IF you spent a fraction of the time you do impersonating me etc., you'd manage what I have https://it.slashdot.org/comments.pl?sid=10874833&cid=54834613/ but then, "your kind" is wholly incapable of decent accomplishment for the general overall net good - you're "idle hands = the devil's workshop" instead - prove me wrong (you can't)... apk

  11. does it matter? by Anonymous Coward · · Score: 0

    Who uses "web apps"?

  12. Apps! by Anonymous Coward · · Score: 0

    Google will app their apps to ensure that app apps are appingly apped. If an app wants you to app the app, you must app first before apping the app. Apps apps app app app app.

  13. People who use a minority OS, for one by tepples · · Score: 1

    Some users of web applications are users of minority desktop or mobile platforms who are frustrated that developers of native applications lack the resources to port a particular native application to their platform. Other users of web applications are users of curated platforms who are frustrated that their platform's curator has rejected a particular native application.