Slashdot Mirror
Google Bolsters Security To Prevent Another Google Docs Phishing Attack (zdnet.com)
Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.
Does it send every site I visit to Google to check against some scammer database? Does it internally recognize the Google logo? I can't imagine that there is some HTML magic sauce that makes one site appear legitimate while the other isn't so there will be simple ways to avoid detection.
Custom electronics and digital signage for your business: www.evcircuits.com
Well, this is too late for Podesta, whose password reset email is archived for public viewing here. If Google had had this protection back then, he would likely be Secretary of State under Hillary now. But instead he's stewing in his own juices, infuriated over the election result. Why's he so upset, though? I thought he was used to coming in a little behind...
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
First they warn you about 3rd party apps that have not kowtowed to Google. Next they will only run google approved apps. and already many apps only run on chrome.
Some drink at the fountain of knowledge. Others just gargle.
Substitute any $TECHCO you want for Google.
We're seeing a trend more and more to remove control of users over their own devices, and replace it with corporate control. Then things are done "to protect us" from $THREATOFTHEDAY.
The problem is: I cannot protect myself, if what's happening is hidden from me and my device treats me as the enemy, and I have a much, much better security track record than almost any $TECHCO. ("We take your security seriously" -> repeated ad nauseum after yet another breech impacting 40 millions...) The more opaque personal computing becomes, the more we have to trust someone else to "get it right", and usually they don't, because they have a highly conflicting priority of making everything trivial to use for the very dumbest consumers.
Also, the more we centralize this, the bigger that central target becomes, and the larger the scale of the breech when it happens. 30 years ago someone's computer is compromised and one person is harmed. Now, Google's data store is compromised and billions of people are harmed.
Some users of web applications are users of minority desktop or mobile platforms who are frustrated that developers of native applications lack the resources to port a particular native application to their platform. Other users of web applications are users of curated platforms who are frustrated that their platform's curator has rejected a particular native application.