Google Toolbar Flaw Opens Door for Phishers
Robert McMillan writes on InfoWorld:
Google is working to fix a bug in the Google Toolbar that could allow criminals to steal data or install malicious software on a system, a security researcher warned Tuesday.More here.
The flaw lies in the mechanism Google Toolbar uses to add new buttons on the browser. Because the toolbar does not perform adequate checks when new buttons are being installed, a hacker could make his button appear as though it was being downloaded from a legitimate site when in fact it came from somewhere else. By spoofing the origin of the toolbar button, an attacker could download malicious files or launch a phishing attack against the victim, wrote security researcher Aviv Raff in a blog post on the issue.
Raff has posted proof of concept code, showing how such an attack would work with the Internet Explorer browser. A Google spokeswoman confirmed Tuesday that the company is working to fix the problem.
0 Comments:
Post a Comment
<< Home