by Christopher Mims, Technology Review
Google’s account recovery procedure can make it unclear to users that they’re giving hackers full access to their account. A technique used by marketers to trick people into signing up for “free” merchandise could easily be re-deployed as an engine for harvesting untold numbers of Google account passwords. Fixing the issue won’t be trivial for Google, because the exploit is fundamental to how Google allows users to recover access to their accounts when they lose or forget their passwords. While others have reported on the use of this exploit by individual hackers, I believe what you’re reading now is the first account of how it could be transformed into a mass phishing scam that could dragoon even relatively sophisticated users.
http://www.technologyreview.com/blog/mimssbits/27863/?p1=blogs