Monday, 4 May 2015

Cat-And-Mouse Game Around Google Password Alert Continues

There is now a real cat-and-mouse game developed around the Password Alert extension from Google that should protect Chrome users from phishing attacks, but has become an attractive target of investigators still trying to bypass the expansion and there also manage.

Password Alert allows users to enter their Google password on a phishing site get a warning. It is then possible to change the password from the warning. Earlier this week succeeded the British security consultant Paul Moore managed to evade Password Alert via a script of seven lines. Users were given in this case, no warning when their Google password on a phishing site filled in.

Google launched an update to version 1.4, which was also by Moore circumvented . Again, Google published a new version, 1.5, which the Dutch security company Securify came up with a way to bypass the warning. It did not take long before Google had this attack captured and released version 1.6. Researchers have now also passed this version, which is the latest version, to circumvent .

"Today, we have again found a new way to bypass Password Alert. By the login form to load an iframe which Javascript is disabled, it is no longer possible for Password Alert to capture keystrokes. This detection does not work anymore" says Yorick Koster of Securify. "In fact, this is a cat-and-mouse game, the extension checks if a user Google account information entered:. Email address and password When one of the two no longer good comes through, then the detection is not working.."

No comments:

Post a Comment