Google Maps and other Google Apps vulnerable to attack

In Friday’s InformationWeek there is an article detailing “bug that could let hackers use Google Maps to infiltrate Google, Google Mail, or Google Apps accounts“.

According to the article, a frame injection attack could be used to phish login credentials from Google users via Maps:

The Butler Group Adrian ‘pagvac’ Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page — a fake login page in Pastor’s example — while the user’s browser address bar still displays the Google domain. This could dupe the user into entering login details.

“The beauty of frame injection attacks is that the attacker is able to impersonate a trusted entity without needing to bypass XSS/HTML filters or even break into the target server,” Pastor explained on the GNUCitizen site.

Please consider leaving a comment as your input will help me (& everyone else) better understand and learn about local.
Google Maps and other Google Apps vulnerable to attack by

4 thoughts on “Google Maps and other Google Apps vulnerable to attack”

  1. A frame injection attack is not the way hackers have been hacking Google maps. Unfortunately it is so much easier than that. It’s a simple hole that Google is fully aware of that for some reason they refuse to close. I have proved this to myself over and over again, and I am about to write an article on the process in hopes they close the hole. Thanks, Robert

  2. Hi Robert

    I am not suggesting that they are. The article indicated that Maps was being used in an effort to phish a user name and pw. Not in an effort to hijack listings.

    Mike

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments links could be nofollow free.