
Google needs to go back to the drawing board, as Password Alert is hacked in 24 hours

zappian


This is frankly hilarious, the monolith that is Google tried to implement a Chrome extension to protect people's passwords from phishing attempts:

Well, that didn’t take very long.

Not even a day after its debut, a proof-of-concept exploit has been posted which fools Google’s push to protect people’s passwords from phishing attempts through a new extension in Chrome.

 

Well, it was hacked in a day by a single individual: Paul Moore, a white hat hacker and security consultant.

“It beggars belief,” said Paul Moore, an information security consultant at UK-based Urity Group who wrote the exploit. “The suggestion that it offers any real level of protection is laughable.”

The Password Alert extension was supposed to be able to keep an active eye on phishing attempts by scanning databases of known threats, and running them against any pages that asked for your Google account to log in.

But, just by simply removing the JavaScript block which controls the warning banner that pops up when a fraudulent site is detected, Moore was able to fool the extension into thinking his set-up phishing portal was a legitimate resource.

 

So Google went back to the drawing board and fixed the exploit. Paul Moore cracked their protection again:

Google responded to the problem by quickly updating its service to block that specific route of entry, but just a day after that, Moore returned with a second crack which circumvented both updates without fail.

This iteration works by refreshing the page after every character is typed in, which fools the warning system into thinking the full password was never entered in the first place.

 

It just shows how futile some of these protection measures are and how easily they are circumvented by someone with enough time and skill to put into it.
Google needs to find another way to implement this.

Original Article : http://www.digitaltrends.com/computing/google-needs-to-go-back-to-the-drawing-board-as-password-alert-is-hacked-in-24-hours/

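The reload bypass described in the first post, modelled as an added example (not part of the thread and not Password Alert's code). It assumes a simplified detector that keeps a rolling buffer of typed characters and compares a fingerprint of it with a stored one; `Detector`, `fingerprint`, `detects` and the sample password are hypothetical.

```javascript
// Added illustration, not Password Alert's code. All names are hypothetical.

// Toy FNV-1a fingerprint, standing in for the cryptographic hash a real
// detector would store instead of the password itself.
function fingerprint(s) {
  let h = 0x811c9dc5;
  for (const ch of s) {
    h ^= ch.codePointAt(0);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

class Detector {
  // persist=false: buffer lives in per-page script state (assumed weak design).
  // persist=true: buffer lives outside the page and survives reloads.
  constructor(password, persist) {
    this.len = password.length;
    this.target = fingerprint(password);
    this.persist = persist;
    this.buffer = '';
  }
  onPageLoad() {
    if (!this.persist) this.buffer = ''; // per-page state is lost on reload
  }
  // True when the last `len` typed characters match the stored fingerprint.
  onKey(ch) {
    this.buffer = (this.buffer + ch).slice(-this.len);
    return this.buffer.length === this.len && fingerprint(this.buffer) === this.target;
  }
}

// Replays constructed events of the form { key: 'x' } or { reload: true }.
function detects(detector, events) {
  let alerted = false;
  for (const ev of events) {
    if (ev.reload) detector.onPageLoad();
    else if (detector.onKey(ev.key)) alerted = true;
  }
  return alerted;
}

// Constructed input: typed normally, and typed with a reload after each key.
const PASSWORD = 'hunter2!';
const typedNormally = [...PASSWORD].map((key) => ({ key }));
const typedWithReloads = typedNormally.flatMap((ev) => [ev, { reload: true }]);

console.log(detects(new Detector(PASSWORD, false), typedWithReloads)); // missed
console.log(detects(new Detector(PASSWORD, true), typedWithReloads)); // caught
```

With per-page state the buffer never holds more than one character, so the comparison cannot match; keeping the buffer outside the page closes that particular gap.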

 

 

It just shows how futile most of these protection measures are and how easily they are circumvented by someone with enough time and skill to put into it, even Google can't fight back against the internet.

 

Original Article : http://www.digitaltrends.com/computing/google-needs-to-go-back-to-the-drawing-board-as-password-alert-is-hacked-in-24-hours/

How you say it makes it sound like Google should just give up on security. Yeah, it's hard as hell, but no reason to stop trying to protect passwords.


People being able to hack it means they just need to work on different ways of securing passwords, not give up entirely.


Google can't fight back the internet??? And we should stop trying to protect our passwords???



Snip

yes


That's like a condom with a hole in it.


Updated the OT thingie.

I don't think you have to as it's your opinion.



That sounds so simple to be overlooked by Google *_*


That sounds so simple to be overlooked by Google *_*

Well, until you actually try to make it, that's all it's going to be for you: it sounds simple.

Google could have made it better and tested it more, but still these things are bound to happen. And OP makes it sound like security should be completely eliminated because it's hard to accomplish.


Well, until you actually try to make it, that's all it's going to be for you: it sounds simple.

Google could have made it better and tested it more, but still these things are bound to happen. And OP makes it sound like security should be completely eliminated because it's hard to accomplish.

As I said, it sounds simple, just as simple sounding as splitting atoms sounds :P


Well at least they know they should try harder, and thank god for white hat hackers


Google should just hire that guy. Gotta give him the respect for cracking it. The best security would come from the best hackers.


Thanks zappian.

 

We're up to 9 exploits so far, with 2 being virtually impossible to resolve without breaking either the sandbox or fixing a race condition which has existed for years.

 

I'd expect Google to pull it quite soon.
