Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Google won't fix login page flaw that can lead to malware download

30 Aug 2016   #1
Brink

64-bit Windows 10 Pro
 
 
Google won't fix login page flaw that can lead to malware download

Quote:
Google has said it will not fix a potential security flaw that could trick a user into downloading malware from its login window.

The company told security researcher Aidan Woods it "made the decision not to track" his bug bounty submission as a vulnerability.

Woods explained on his blog that Google's login screen allows an app or service to redirect to a page after the user signs in.

The theory goes that an attacker could trick a user into clicking a link that points to a malware file.

But Google said that the redirect page has to fall within "*google.com" domains, limiting its impact.

The problem, said Woods, is that malware hosted on "drive.google.com" or "docs.google.com" which fall within the Google subdomain parameters could still be used to serve up malware, and hide it as a genuine Google login page.

The search giant said in its reply to Woods: "Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users' data are in scope, and we feel the issue you mentioned does not meet that bar."

Woods, believing Google didn't fully understand the issue, published the full exchange of emails on his blog.


Source: Google won't fix login page flaw that can lead to malware download | ZDNet

See also: Aidan Woods - Google's Faulty Login Pages


My System SpecsSystem Spec
.
30 Aug 2016   #2
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

I feel all harm and fuzzy inside
I never understood the page switching part of a login
I always thought is a silly thing to do personally.
My System SpecsSystem Spec
30 Aug 2016   #3
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Quote   Quote: Originally Posted by ThrashZone View Post
I feel all harm and fuzzy inside
I never understood the page switching part of a login
I always thought is a silly thing to do personally.

Facebook does it to, when you comment on a news article that use facebook connect.
My System SpecsSystem Spec
.

Reply

 Google won't fix login page flaw that can lead to malware download




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Fake Miles & More Emails Lead to Zbot Drive-By Download
Fake Miles & More Emails Lead to Zbot Drive-By Download - Softpedia
System Security
Halloween-Related Web Searches Can Lead to Malware
Halloween-Related Web Searches Can Lead to Malware - Softpedia
System Security
Sponsored search results lead to malware
If you subscribe to "Windows Secrets", you may have already read this bit of security news. If not, please read: Sponsored search results lead to malware
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:05.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App