[nsp-sec] Phishing sites on Google Drive (still active after 24 hours)
Gabriel Iovino
giovino at ren-isac.net
Tue Oct 2 10:00:25 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/2/2012 9:47 AM, Chris Morrow wrote:
> note that the spreadsheet thingy lets you set whatever domain you want
> in /a/domain.com/ ... this should also work as the above link:
>
> <https://docs.google.com/a/rarc.net/spreadsheet/viewform?formkey=dDFKRENaTDlBWVNldkRlaGREeTFxd0E6MQ>
Huh that is an "interesting" feature. I had noticed something funny
visiting that page when allowing JavaScript vs blocking JavaScript.
Which led me to crudely verify maine.edu seemed to be a valid domain by...
https://docs.google.com/a/maine.edu
redirects to
https://identity.maine.edu/cas/login...
If Google allows one to put/spoof any domain in the URL, I suppose that
will make it much more difficult to identify when a Google Apps customer
has compromised credentials.
Thanks for the heads up.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAlBq83gACgkQwqygxIz+pTtvZwCfVIPLPuEk3Wj4dOyX8yMkym73
/rkAnjC++MLYaDf5bLT8SeHcd5UaDWcQ
=zeHy
-----END PGP SIGNATURE-----
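
An added example, not part of the original message or of any tool mentioned in the thread: because the `/a/<domain>/` path segment can be set to anything, a triage script can strip it and key reported links on the form itself, so one form reported under several claimed domains collapses to a single entry. The sample URLs, form keys and function names below are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Path shape discussed in the thread: /a/<claimed-domain>/<rest-of-path>
_A_SEGMENT = re.compile(r"^/a/([^/]+)(/.*)?$")


def canonicalize(url):
    """Return (canonical_key, claimed_domain) for a docs.google.com link, else None.

    The claimed domain is kept only as an annotation; it is never part of the key,
    since the sender of the link chooses it freely.
    """
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "docs.google.com":
        return None
    path, claimed = parts.path, None
    match = _A_SEGMENT.match(path)
    if match:
        claimed = match.group(1).lower()
        path = match.group(2) or "/"
    formkey = parse_qs(parts.query).get("formkey", [""])[0]
    return f"{path}?formkey={formkey}", claimed


def group_reports(urls):
    """Map each canonical form key to the set of domains it was reported under."""
    groups = defaultdict(set)
    for url in urls:
        result = canonicalize(url)
        if result is not None:
            key, claimed = result
            groups[key].add(claimed)
    return dict(groups)


# Constructed sample reports (not real forms).
SAMPLE_REPORTS = [
    "https://docs.google.com/spreadsheet/viewform?formkey=CONSTRUCTEDKEY1",
    "https://docs.google.com/a/example.edu/spreadsheet/viewform?formkey=CONSTRUCTEDKEY1",
    "https://docs.google.com/a/example.org/spreadsheet/viewform?formkey=CONSTRUCTEDKEY1",
    "https://docs.google.com/a/example.edu/spreadsheet/viewform?formkey=CONSTRUCTEDKEY2",
    "https://www.example.com/a/example.edu/spreadsheet/viewform?formkey=CONSTRUCTEDKEY1",
]

if __name__ == "__main__":
    for key, domains in group_reports(SAMPLE_REPORTS).items():
        print(key, sorted(d or "(none)" for d in domains))
```

A key that shows up under more than one claimed domain is the same form being passed around with different `/a/<domain>/` values, so the domain in a reported link says nothing about which customer is affected.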