Security Blog

The latest news and insights from Google on security and safety on the Internet

Do Know Evil: web application vulnerabilities

May 4, 2010
Google

6 comments:

H3dicho said...

"it takes a hacker to catch a hacker,"

GREAT!!

May 4, 2010 at 9:05 AM
Unknown said...

Sure this should be titled "Defense against the Dark Arts" at Bugwarts University?

vint

May 4, 2010 at 10:11 AM
zprian said...

When you create an account, the user and password are sent by GET method.
Maybe it would be better to send credentials via a POST form to avoid shoulder-surfing.

May 5, 2010 at 12:54 AM
JOHNinKEYWEST said...

I had my wp blog hacked a while back with a script; it was nasty. So this looks pretty interesting. I'm surprised it wasn't Jaiku :) I wonder why Google did work that site like they should have. Well anyway, Google does many things I don't understand :) Thanks for the op to learn, appreciate it.

May 5, 2010 at 1:08 AM
Unknown said...

I think the lab skipped over bookmarklet attacks. You don't even need to create the link. The home page field could be set to javascript:alert("a"). When I first played around with the web app, I wasn't sure what the home page was (before I configured my account), and I clicked on the only two there.

Also, by having the user expect a link, you can easily make up a phishing scheme (you could use a javascript redirect to replace the page in web history with your own site, which then pretends to be a warning that you are about to leave the site. Then you send the user to some boring site, prompting the user to hit the back button. Then, thanks to a cookie or remembering the IP address, your fake page asks the user to log in again.)

May 20, 2010 at 6:31 PM
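The comment above points at the defensive lesson: a "home page" field is a URL that the application will later place in an href, so it has to be validated against an allowlist of schemes before it is stored or rendered, not merely HTML-escaped. The following is an added example, not code from the post or from the training application it describes; `normalize_link`, `render_home_page_link`, `ALLOWED_SCHEMES` and the sample inputs are assumptions constructed for this illustration. It rejects `javascript:`, `data:` and similar schemes even when they are disguised with mixed case or embedded whitespace and control characters (which browsers ignore inside a scheme), rejects protocol-relative `//host` values, and emits the link with `rel="noopener noreferrer"` so the destination page gets neither the opener window nor the referrer.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumption: only plain web URLs are acceptable in a user-supplied home page field.
ALLOWED_SCHEMES = {"http", "https"}

# Browsers skip ASCII whitespace and control characters when parsing a scheme,
# so "java\tscript:" is still executed; strip them before classifying.
_STRIP = re.compile(r"[\x00-\x20\x7f]")


def normalize_link(raw: str) -> Optional[str]:
    """Return a canonical absolute http(s) URL, or None if the value must be rejected."""
    if not isinstance(raw, str) or len(raw) > 2048:
        return None
    cleaned = _STRIP.sub("", raw)
    if not cleaned:
        return None

    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()

    if scheme == "":
        # Protocol-relative "//evil.example" would inherit the page's scheme; refuse it.
        if cleaned.startswith("//"):
            return None
        # A bare host like "example.com/page" is treated as http.
        parts = urlsplit("http://" + cleaned)
        scheme = "http"

    # Allowlist, never a denylist: anything that is not http(s) is dropped,
    # which covers javascript:, data:, vbscript:, file: and future schemes.
    if scheme not in ALLOWED_SCHEMES:
        return None
    if not parts.netloc:
        return None

    return urlunsplit((scheme, parts.netloc, parts.path or "/", parts.query, parts.fragment))


def render_home_page_link(raw: str) -> str:
    """Render the stored value as an anchor; invalid values get a neutral placeholder."""
    url = normalize_link(raw)
    if url is None:
        return "<span>(no home page)</span>"
    # Escape on output as well: validation and encoding are separate layers.
    safe = html.escape(url, quote=True)
    return '<a href="%s" rel="noopener noreferrer">%s</a>' % (safe, safe)


if __name__ == "__main__":
    # Constructed sample inputs, including the javascript: value from the comment.
    for value in ['javascript:alert("a")', "JavaScript:alert(1)", "java\tscript:alert(1)",
                  "  javascript:alert(1)", "data:text/html,<script>", "//evil.example/",
                  "example.com/page", "https://example.com/?q=1#top"]:
        print(repr(value), "->", render_home_page_link(value))
```

The allowlist is the important design choice: a denylist of `javascript:` spellings is what the whitespace and case variants defeat, whereas refusing everything that does not parse to `http` or `https` with a host needs no knowledge of which dangerous schemes exist. The output step still escapes the URL, because a value that passed validation can contain characters such as `"` in its path.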
The great said...

There are many people stealing information and passwords.
Please keep them away from doing it.
Thanks

October 29, 2010 at 2:13 AM
