Industry News Home More stories like this... RSS Feed

Hackers warn of Gmail vulnerabilities

An online security researcher has claimed that internet users risk exposing their personal data to cyber crooks when using Google's Gmail login page.

According to Adrian Pastor of GNUCitizen, a group claiming to be comprised of ethical hackers, a security flaw in the program could be manipulated to expose users to online threats.

Using a proof-of-concept (PoC) example to prove his theory, the hacker last week published a demonstration of how the system could be compromised using frame-injection techniques.

In his explanation, Pastor says the technique works by using legitimate looking clones to intercept the users' data while still displaying the URL of the legitimate website.

"The attacker has managed to display a non-legitimate third-party page, while the legitimate domain (mail.google.com in this case) is shown in the address bar," he stated.

"The beauty of frame injection attacks is that the attacker is able to impersonate a trusted entity without needing to bypass XSS/HTMLi filters or even break into the target server."

Google says it is investigating the allegation.

PC Tools anti virus software offers security and protection for your friends and family against latest viruses, worms and Trojans. Visit www.pctools.com to upgrade your protection