Google blocks phishing hole
Security problem affects the Public Service Search application, which lets institutions install Google search functions on their Web sites
Google has acknowledged the presence of a phishing hole on its Public Service Search application and has blocked access to the service until the problem is fixed.
The problem went public when blogger Eric Farraro posted details on Thursday on his software development blog. Farraro said that the customisable code in Google’s Public Service Search, which enables nonprofit institutions such as universities to install ad-free Google search functions on their Web sites at no cost, could be used to create a page hosted on the google.com domain.
Scammers could then use this to build fraudulent Google pages to lure people into handing over personal information, Farraro noted. He demonstrated this by creating a false “Gmail Plus” page: When unsuspecting visitors to the page tried to use their Gmail password to log in, the site delivered a “You (could have) gotten served!” message.
Read more: ZDNet UK