Powered By Nikeshoestore!

Google’s anti-phishing plugin leaked passwords

Posted on 02/01/2019 | in 杭州夜生活 | by

A recent press release from web security provider Finjan Inc. has exposed a security flaw with Google’s anti-phishing browser extension for the Firefox web browser. Apparently, the extension accidentally gathered some users’ e-mail addresses and passwords. Finjan informed Google of the problem earlier this month before making their findings public, and Google has since released an updated version of their plugin that fixed the problem.HangZhou Night Net

How did an anti-phishing plugin wind up exposing user names and passwords to the general public? Google’s software used a public blacklist, available from Google’s servers, which listed sites that were fraudulently pretending to be banking or other financial institutions. Unfortunately, some of these sites embedded usernames and passwords directly into the URL—obviously phishing sites didn’t have concerns about security—and were thus viewable by anyone.

The fix was a simple one and merely involved Google stripping out any user information from the URL before posting it to the blacklist site. Still, the fact that a tool designed to help stop online fraud could have accidentally revealed sensitive user information is somewhat disquieting, especially given the fact that many people reuse the same passwords for multiple sites.

Finjan recommends that home users disable features found on many web toolbars that enable URL sharing or forwarding, although this would impact many of the latest “social software” utilities that have been popular with Web 2.0 fans. Also, they strongly suggest—and this is always good practice—that users should never use the same password for more than one site. Corporate users are told to use “proactive” protection for their web security solution, as antivirus and URL filtering software by themselves may not be enough.

Comments are closed.

Categories

Recent Posts

Default utility Image isoHunt.com taken offline by ISP

Fans of BitTorrent search site isoHunt discovered yesterday that the popular site had gone offline....

Default utility Image New Jersey, New York to reap the benefits of Vista

With Windows Vista's release looming, Microsoft is doing all it can to spread...

Default utility Image Ballmer on the iPhone, or whatever it will ultimately be called

HangZhou Night Net

Microsoft Steve is not impressed with...

Default utility Image MySpace offers limited parental tools; critics not impressed

MySpace is, according to one conservative author I spoke with last year, a "porn hole."...

Default utility Image Beatles to finally arrive on iTunes in February. Maybe.

Yes, yes, we know that this rumor has been floating around...

Recent Posts

Default utility Image Default utility Image Default utility Image Default utility Image Default utility Image

Recent Posts

Default utility Image isoHunt.com taken offline by ISP

Fans of BitTorrent search site isoHunt discovered yesterday that the popular site had gone offline....

Default utility Image New Jersey, New York to reap the benefits of Vista

With Windows Vista's release looming, Microsoft is doing all it can to spread...

Default utility Image Ballmer on the iPhone, or whatever it will ultimately be called

HangZhou Night Net

Microsoft Steve is not impressed with...

Default utility Image MySpace offers limited parental tools; critics not impressed

MySpace is, according to one conservative author I spoke with last year, a "porn hole."...

Default utility Image Beatles to finally arrive on iTunes in February. Maybe.

Yes, yes, we know that this rumor has been floating around...

Tag Cloud