Google Password Alert: the extension is cracked in 24 hours

Well, it did not take very long! Less than a day after its launch, a proof of concept (PoC) of a vulnerability in Google Password Alert was posted on the Web, targeting Google's new initiative to protect users' passwords against phishing attempts with a new Chrome extension.


"It is amazing", said Paul Moore, an information security consultant at Urity Group in the UK, who wrote about this flaw. "The suggestion that it offers some level of protection is laughable".

The Password Alert extension for Chrome is supposed to keep an active watch for phishing attempts, checking databases of known threats against every page that asks you to sign in to your Google account.

Corrected, but immediately hacked
Some hoped that the extension could open the door to a range of similar solutions for other third-party services, especially those, like Facebook and Twitter, that lend out their logins across the Web. But by simply removing the JavaScript block that controls the warning banner shown when a fraudulent site is detected, Moore was able to fool the extension into suggesting that the page it had flagged was a legitimate resource.

Google quickly responded to this problem by updating the service to block this vulnerability. But one day later, Moore returned to center stage with a second flaw. This iteration works by refreshing the page after each character is typed, deceiving the warning system into thinking that the entire password has not been entered.

Fortunately, Moore is not a "nasty hacker" and is more interested in showing Google that its service is not optimal. Needless to say, Google is on deck to resolve these concerns as best it can.