Hacker goes phishing in Google's pond
Last Updated: Friday, September 15, 2006 | 4:50 PM ET
CBC News
Related
Internal Links
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Google had a bit of egg on its face Friday after a programmer set up a site that looked like an upgrade to Gmail, but actually demonstrated a flaw in the site's security.
The fake log-in page for "Gmail Plus" is an example of a phishing site, a forgery of a genuine site designed to fool users into giving up private information such as passwords.
This case was unusual because the phishing site was on Google's own domain, google.com.
According to a blog entry by Eric Farraro, he made the page to show a flaw in the design of a little-known Google service called Google Public Service Search, which provides a co-branded search page for universities and non-profit groups.
Farraro was able to set up a page at www.google.com/u/gplus, created a site that looked similar to the Gmail log-in page and used code written in Javascript to remove the Google co-branding.
Entering account information on the fake log-in page brought up a new page with the message "You (could have) gotten served!" and a copy of the user name and password entered.
Farraro said he notified Google of the exploit the day after he found it. Google has taken down the page and disabled Google Public Service Search.
Share Tools
Top News Headlines
- Quebec premier says Montreal mayor should resign
- Quebec Premier Pauline Marois says Montreal Mayor Michael Applebaum should step down following his arrest this morning. more »
- Canadians jailed after Dominican post-wedding fight released
- Two Canadian men imprisoned in the Dominican Republic following a post-wedding brawl last month have been released and will be returning to Canada, a family member says. more »
- Northern Gateway in Canadians' interest, Enbridge tells review board
- Canada will be vulnerable to economic disaster should the Northern Gateway pipeline be rejected, the proponent told a federal review panel Monday as the final phase of public hearings got underway. more »
- MPs weigh in on Justin Trudeau charging speaking fees
- The New Brunswick charity that asked Liberal leader Justin Trudeau to return a speaking fee eight months after he appeared at a fundraiser has sparked a debate among MPs about the propriety of accepting money for what some say MPs should do for free. more »
Must Watch
- Canadians jailed after Dominican post-wedding fight released
- Parents of son 'brutally beaten' playing hockey want charges
- Toronto Mayor Rob Ford needs security, brother says
- Quebec premier says Montreal mayor should resign
- Teen killed at mill near Vernon identified
- The class photo that made a father cry
- Student with bullied past, 'The Doorman,' graduates
- Northern Gateway in Canadians' interest, Enbridge tells review board
- Sick Regina boy who made waves around the world dies
