{"id":1127,"date":"2008-10-12T03:33:33","date_gmt":"2008-10-12T07:33:33","guid":{"rendered":"http:\/\/blumenthals.com\/blog\/?p=1127"},"modified":"2008-10-12T03:33:33","modified_gmt":"2008-10-12T07:33:33","slug":"google-maps-and-other-google-apps-vulnerable-to-attack","status":"publish","type":"post","link":"https:\/\/blumenthals.com\/blog\/2008\/10\/12\/google-maps-and-other-google-apps-vulnerable-to-attack\/","title":{"rendered":"Google Maps and other Google Apps vulnerable to attack"},"content":{"rendered":"<p>In Friday&#8217;s InformationWeek there is <a href=\"http:\/\/www.informationweek.com\/news\/internet\/google\/showArticle.jhtml?articleID=211100232\">an article<\/a> detailing  &#8220;<em>bug that could let hackers use Google Maps to infiltrate Google, Google Mail, or Google Apps accounts<\/em>&#8220;.<\/p>\n<p>According to the article, a frame injection attack could be used to phish login credentials from Google users via Maps:<\/p>\n<blockquote><p>\nThe Butler Group Adrian &#8216;pagvac&#8217; Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page &#8212; a fake login page in Pastor&#8217;s example &#8212; while the user&#8217;s browser address bar still displays the Google domain. This could dupe the user into entering login details.<\/p>\n<p>&#8220;The beauty of frame injection attacks is that the attacker is able to impersonate a trusted entity without needing to bypass XSS\/HTML filters or even break into the target server,&#8221; Pastor explained on the GNUCitizen site.<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>In Friday&#8217;s InformationWeek there is an article detailing &#8220;bug that could let hackers use Google Maps to infiltrate Google, Google Mail, or Google Apps accounts&#8220;. According to the article, a frame injection attack could be used to phish login credentials from Google users via Maps: The Butler Group Adrian &#8216;pagvac&#8217; Pastor, a security researcher with &#8230;<\/p>\n","protected":false},"author":262,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1127","post","type-post","status-publish","format-standard","hentry","category-google-maps-google-local"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/posts\/1127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/users\/262"}],"replies":[{"embeddable":true,"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/comments?post=1127"}],"version-history":[{"count":2,"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/posts\/1127\/revisions"}],"predecessor-version":[{"id":1129,"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/posts\/1127\/revisions\/1129"}],"wp:attachment":[{"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/media?parent=1127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/categories?post=1127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blumenthals.com\/blog\/wp-json\/wp\/v2\/tags?post=1127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}