Google needs to go back to the drawing board, as Password Alert is hacked in 24 hours

By Chris Stobing May 1, 2015

Well, that didn’t take very long.

Not even a day after its debut, a proof-of-concept exploit has been posted which fools Google’s push to protect people’s passwords from phishing attempts through a new extension in Chrome.

“It beggars belief,” said Paul Moore, an information security consultant at UK-based Urity Group who wrote the exploit. “The suggestion that it offers any real level of protection is laughable.”

The Password Alert extension was supposed to be able to keep an active eye on phishing attempts by scanning databases of known threats, and running them against any pages that asked for your Google account to login.

Some were hoping the extension could usher in a whole range of companies taking advantage of similar services, especially those like Facebook and Twitter which lease out their logins to destinations all across the web.

But, just by simply removing the Javascript block which controls the warning banner that pops up when a fraudulent site is detected, Moore was able to fool the extension into thinking his set-up phishing portal was a legitimate resource.

Google responded to the problem by quickly updating its service to block that specific route of entry, but just a day after that, Moore returned with a second crack which circumvented both updates without fail.

This iteration works by refreshing the page after every character is typed in, which fools the warning system into thinking the full password was never entered in the first place.

Luckily for the rest of us, Moore is on the good guys side of this fight, and was more than willing to rub Google’s noses in its mistakes before widely publishing the details of his work so the whitehat community could provide a temporary fix to compensate.

If you ask us, Google probably needs to hit the whiteboard a little harder before they roll out crucial services like this, lest all our passwords end up in the hands of the enemy first.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…

Computing

The 5 best laptops for accountants in 2024

Samsung Galaxy Book3 Pro 360 top down tablet view with pen.

Accountants tend to have a lot on their shoulders, especially as a lot of folks can rely on them for financial health, which is very important in today's world where the economy isn't at its best. As such, it's important to have the right tools for the job, and while there are a ton of great laptops out there that might work well for accounting, some will excel at it more than others. As such, we've gone out and picked our favorite laptops that can easily handle everything from large and heavy-duty spreadsheets to accounting software. Also, if you haven't quite found what you're looking for here, be sure to check out some of or other favorite laptop deals as well.
The Best Laptops for Accountants in 2024

Buy the if you want the best overall laptop for accountants
Buy the if you want the best MacBook laptop for accountants
Buy the if you want the best portable laptop for accountants
Buy the if you want the best 14-inch laptop for accountants
Buy the if you want the best budget laptop for accountants

Computing

It’s time to stop believing these PC building myths

Hyte's Thicc Q60 all-in-one liquid cooler.

As far as hobbies go, PC hardware is neither the cheapest nor the easiest one to get into. That's precisely why you may often run into various misconceptions and myths.

These myths have been circulating for so long now that many accept them as a universal truth, even though they're anything but. Below, I'll walk you through some PC beliefs that have been debunked over and over, and, yet, are still prevalent.
Liquid cooling is high-maintenance (and scary)

Computing

AMD’s next-gen CPUs are much closer than we thought

AMD Ryzen 7 7800X3D held between fingertips.

We already knew that AMD would launch its Zen 5 CPUs this year, but recent motherboard updates hint that a release is imminent. Both MSI and Asus have released updates for their 600-series motherboards that explicitly add support for "next-generation AMD Ryzen processors," setting the stage for AMD's next-gen CPUs.

This saga started a few days ago when hardware leaker 9550pro spotted an MSI BIOS update, which they shared on X (formerly Twitter). Since then, Asus has followed suit with BIOS updates of its own featuring a new AMD Generic Encapsulated Software Architecture (AGESA) -- the firmware responsible for starting the CPU -- that brings support for next-gen CPUs (spotted by VideoCardz).