Google Password Alert Hacked, Twice
It’s not even been 24 hours and and Security Expert Paul Moore Found a way to bypass Google Password Alert Twice.
Researchers first attempt was by using simple javascript code, which was to look for warning and then remove the warning banner. Which means warning banner is there but it’s not visible to the user. Google soon released updated version and users were advised to download version 1.4.
Bypassing #Google #PasswordAlert with 7 lines of code. #infosec #fail #phishing cc @gcluley @jleyden @EduardKovacs pic.twitter.com/SEb4EMQDQ4
— Paul Moore (@Paul_Reviews) April 30, 2015
After version 1.4 came out, Paul Moore started to reanalyze the code, and released another script. There is no stopping to it at the moment. Which is good thing, we don’t want something which doesn’t work when it comes to our data/emails. Hopefully Google finds a better fix for the application which sounded really good.
#Google #PasswordAlert version 1.4 bypassed, again! cc @dangoodin001 @jleyden @gcluley @troyhunt @EduardKovacs pic.twitter.com/JrvrlFBYWN
— Paul Moore (@Paul_Reviews) May 1, 2015
Bypassing Google’s Password Alert “Protection”
For now users are advised not to use the extension until Google finds a fix for second flaw. If you want to update, you should update to version 1.4 at least. Also turn on two factor authentication.
Currently there nearly 28,000 downloads.
