The Google Gadget application could potentially be used for phishing by cyber criminals, according to an internet researcher.
Robert Hansen recently told Google that hackers could devise site on the gmodules.com domain which could be used for phishing. The domain is trusted by many antiphishing websites. Mr. Hansen suggested that the internet search engine giant be more draconian about who can use the domain in order to prevent it being abused.
However, Hansen said that when he told Google about the weakness, the company responded by saying that the perceived flaw is a known part of the site's operations. Hansen is the chief executive of the internet research company SecTheory. Alex Stamos, a researcher with Isec Partners, said in an email to the IDG News Service: "They have to have this throw-away domain to jail modules written by other people,"
"It's not an unreasonable model and it's the best they can do to host content created by malicious parties while not exposing themselves to attack." Google Gadget is used by web designers and web masters to display different pieces of information on their pages, such as the weather or stock market data.
No comments:
Post a Comment