Google mail users 'at risk' of being duped.
I had the link: it starts with metro.co.uk/news....
I'll just type up the article since I can't get the full link.
Users of Google's Gmail service have been warned that they could unwittingly supply hackers with their secret log-in details.
A security expert has published what he says is evidence of a securtiy flaw that could enable hackers to tamper with the Gmail log-in screen.
Users may then type in their username and password without realising what they were inputting was actually being sent to the hackers rather than Google.
Adrian Pastor of GNUCitizen, which calls itself an ethical hackers group, published details online of how a third-party fake page could be developed to snare Gmail users.
He said there was a weakness with Google's domain which made it possible for third-parties to 'inject' their own content onto Google's pages, making the user believe it was authentic.
To prove the potential, Pastor published a fake Google page which seemed to be a genuine Gmail login screen but was actually a fraud.
"The previous PoC URL will cause the entered credentials to be submitted to www.gnucitizen.org when clicking on the Sign in, so please do NOT submit any real credentials," Pastor wrote after publishing the fake.
Google says it is investigating the report.
I think its "TT" "TPM TIME!!!!"
