[nsp-sec] Phishing sites on Google Drive (still active after 24 hours)

Chris Morrow morrowc at ops-netman.net
Tue Oct 2 10:31:39 EDT 2012



On Tue, 2 Oct 2012, Gabriel Iovino wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/2/2012 9:47 AM, Chris Morrow wrote:
>> note that the spreadsheet thingy lets you set whatever domain you want
>> in /a/domain.com/ ... this should also work as the above link:
>>
>> <https://docs.google.com/a/rarc.net/spreadsheet/viewform?formkey=dDFKRENaTDlBWVNldkRlaGREeTFxd0E6MQ>
>
> Huh, that is an "interesting" feature. I had noticed something funny
> visiting that page when allowing javascript vs blocking javascript.
>
> Which led me to crudely verify maine.edu seemed to be a valid domain by...

ya, I happened to find the 'feature' on my own :( was surprising :)

>
> https://docs.google.com/a/maine.edu
>
> redirects to
>
> https://identity.maine.edu/cas/login...
>
> If google allows one to put/spoof any domain in the url, I suppose that
> will make it much more difficult to identify when a google apps customer
> has compromised credentials.
>
> Thanks for the heads up.

sure thing! :(
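The mechanism the two posters describe (the spoofable /a/<domain>/ component of a docs.google.com URL, and the redirect from https://docs.google.com/a/maine.edu to identity.maine.edu/cas/login) as an added example, not code from either poster or from Google. It extracts the hosted-domain and formkey from a suspect link so an abuse report or mail-log search can key on them, and classifies a redirect target the way Gabriel did by hand. The sample URLs and Location values are constructed for illustration, and the rule "redirect into the hosted domain means it is a Google Apps customer with its own SSO" is an assumption generalised from the single maine.edu observation in the thread.

```python
"""Triage helpers for docs.google.com/a/<domain>/ links (added example)."""
from urllib.parse import parse_qs, urlparse


def hosted_domain(url):
    """Return the domain named in /a/<domain>/ of a docs.google.com URL, or None.

    Only the real docs.google.com host counts; look-alike hosts such as
    docs.google.com.attacker.example are rejected rather than parsed.
    """
    u = urlparse(url)
    if u.scheme != "https" or (u.hostname or "").lower() != "docs.google.com":
        return None
    segments = [s for s in u.path.split("/") if s]
    if len(segments) >= 2 and segments[0] == "a":
        return segments[1].lower()
    return None


def formkey(url):
    """Return the formkey query parameter (the form's identifier), or None."""
    return parse_qs(urlparse(url).query).get("formkey", [None])[0]


def spoofs_domain(url, own_domains):
    """True when the link carries /a/<one of our domains>/ -- the signal the
    thread warns about: a form that looks like ours but need not be ours."""
    d = hosted_domain(url)
    return d is not None and d in {x.lower() for x in own_domains}


def _is_subdomain_of(host, domain):
    return host == domain or host.endswith("." + domain)


def classify_redirect(hosted, location):
    """Classify the Location header returned for https://docs.google.com/a/<hosted>.

    Assumption (generalised from the maine.edu case in the thread): a redirect
    to a host inside the hosted domain means that domain is a Google Apps
    customer with its own SSO; a redirect staying under google.com is a
    Google-hosted login; anything else is reported as 'other'.
    """
    host = (urlparse(location).hostname or "").lower()
    if not host:
        return "no-redirect"
    if _is_subdomain_of(host, hosted.lower()):
        return "customer-sso"
    if _is_subdomain_of(host, "google.com"):
        return "google-login"
    return "other"


# Constructed sample data for a stand-alone run (not captured from Google).
SAMPLE_LINKS = [
    "https://docs.google.com/a/rarc.net/spreadsheet/viewform?formkey=dDFKRENaTDlBWVNldkRlaGREeTFxd0E6MQ",
    "https://docs.google.com/spreadsheet/viewform?formkey=abc123",
    "https://docs.google.com.attacker.example/a/rarc.net/spreadsheet/viewform?formkey=zzz",
]
SAMPLE_REDIRECTS = {
    "maine.edu": "https://identity.maine.edu/cas/login",
    "example.org": "https://accounts.google.com/ServiceLogin",
}

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(hosted_domain(link), formkey(link), spoofs_domain(link, ["rarc.net"]))
    for dom, loc in SAMPLE_REDIRECTS.items():
        print(dom, classify_redirect(dom, loc))
```

Run against real mail logs, the spoofs_domain check is only the first cut: a hit means the link impersonates your hosted domain, not that the form is malicious, so compare the formkey against the forms your own users created before reporting.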


