U.S. markets close in 2 hours 21 minutes
  • S&P 500

    4,290.97
    +10.82 (+0.25%)
     
  • Dow 30

    33,891.08
    +130.03 (+0.39%)
     
  • Nasdaq

    13,102.27
    +55.08 (+0.42%)
     
  • Russell 2000

    2,014.34
    -2.28 (-0.11%)
     
  • Crude Oil

    89.07
    -3.02 (-3.28%)
     
  • Gold

    1,798.30
    -17.20 (-0.95%)
     
  • Silver

    20.29
    -0.41 (-1.97%)
     
  • EUR/USD

    1.0171
    -0.0087 (-0.84%)
     
  • 10-Yr Bond

    2.7820
    -0.0670 (-2.35%)
     
  • GBP/USD

    1.2074
    -0.0065 (-0.53%)
     
  • USD/JPY

    133.2290
    -0.2510 (-0.19%)
     
  • BTC-USD

    24,154.00
    -144.37 (-0.59%)
     
  • CMC Crypto 200

    574.26
    -16.51 (-2.79%)
     
  • FTSE 100

    7,509.15
    +8.26 (+0.11%)
     
  • Nikkei 225

    28,871.78
    +324.80 (+1.14%)
     

Google won’t own up to a major security flaw, researcher says

A security researcher who hunts bugs for a living says that Google won’t acknowledge one of his findings. According to Aidan Woods, the way Google’s login pages are built would help an attacker either steal login information from unsuspecting users or convince them to install files which would appear to be downloading directly from Google.

DON’T MISS: Is the iPhone 7 going after DSLRs?

The tech giant told Woods that the issues do not qualify as bugs (and, therefore, for a payout) under its bug bounty program, so Woods went public with the information, hoping the issue would get the appropriate attention.

On his blog, Woods explains how an attacker could redirect a Google user to fake Google login page where the user could enter his or her credentials believing it’s the real thing.

One other attack would be to deliver a malware payload that would download to a user’s computer without the Google service page on the screen changing to suggest an action has been taken. The download could be malware that the user could install thinking it’s coming from Google.

Because of the way Google’s domain is built, an attacker could redirect users to Google.com properties where it’s relatively easy to upload files that could then be used for malware attacks. At least that’s how Woods described the entire thing.

Google, meanwhile, thinks this isn’t a vulnerability that hackers can use. A full email exchange between Woods and Google, as well as his elaborate explanation, is available at this link.

Trending right now:

  1. Working iPhone 7 Plus captured on video for the first time

  2. You should be excited that Apple’s iPhone 7 is killing the headphone jack

  3. Big Pokemon Go update is about to bring some exciting new features

See the original version of this article on BGR.com