
Google deliberately shrugs off serious vulnerability

Thread replies: 38
Thread images: 6

File: login.png (104KB, 1410x1210px)
VULNERABILITY COULD ALLOW ATTACKERS TO STEAL USER'S CREDENTIALS OR EVEN PUSH ARBITRARY FILES

>We've investigated your submission and made the decision not to track it as a security bug. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users' data are in scope, and we feel the issue you mentioned does not meet that bar.

http://www.youtube.com/watch?v=P0AMf7aBOfc

http://www.aidanwoods.com/blog/faulty-login-pages
>>
Time to hack some Jewgle users! ;^)
>>
>>56374263
holy shit how are they not considering this a vulnerability
>>
Can anyone confirm if this actually works?
>>
So basically I can create a website that looks like Google's login. Inject the url of it into the legitimate login page. When someone fucks up their password, it redirects to mywebsitefakelogin.com. They input their credentials there, and it goes to my database instead.

That's what I got out of it?
>>
>>56374263
Jesus Christ, Google isn't considering this a security bug at all? What the fuck? Meeting that bar? Just fuck my shit up, senpaitachi
>>
>>56374263
Google's services are such a bloated clusterfuck

they need to gather everything in 2-3 sites max
>>
>>56374817
I don't think they even have to get it wrong. Any password they put into it, it redirects them, is what I am led to understand.
>>
I literally just changed my password yesterday because someone from texas logged into my account
Fuck you google, at least it's full of spam and shit
>>
>>56375370
Why are you not using 2 factor authentication?
>>
>>56374263
using google IS a vulnerability senpai
>>
>>56375370
>>56375903
Why do you have a Google account?
>>
>phishing is considered news now
hello neo/g/
>>
>>56376144
>currently exploitable security vulnerabilities are not relevant
You're either too tech-illiterate to know how to use this information, or you're a naïve white-hat cuck.
>>
My iPhone 6S does not have this problem.
>>
>>56376624
It doesn't have anything useful either
>>
>>56376815

It has everything you need. Apple knows your needs. It's Apple after all. Apple.


Apple.
>>
>>56376516
elaborate
>>
>>56375903
You either give a valid phone number or use an android device.
No thanks, I'll take my chances with the email being hijacked.
>>
>>56374263
>>56374616
It still works.

https://accounts.google.com/ServiceLogin?service=mail&continue=https://drive.google.com/file/d/0BzJA3kxsvXBqNFNvcGQzejBkZHM&ved=0ahUKEwibm96V9O7OAhXEPiYKHeVtD80QFggpMAY&usg=AFQjCNHIOHCvdyX6IhWFDhiJ-WROxJaidg
>>
>>56377517
What am I looking at? It's a PDF
>>
>>56374263
>Not using 2 step authentication
Wew
>>
>>56377564
No idea. I just found this link when I searched websites for public google drive files and it has scary Russian text.
>>
>>56377598
>>56377564
It's "download album бacтa 5 through torrent direct link" and a bunch of "downloaded, fine, thanks, you're the best, totally not malware".
Or hell, who knows, maybe it's legit. VKontakte is a hive of warez in general, because Russian site. I think. I have torrents, so I never even tried to get anything from there.
>>
>>56377517
>actually clicking a link somebody posted on /g/
>>
File: 1311763499070.jpg (31KB, 300x354px)
>>56377565
>handing out your phone number to google
>>
File: 201607221946411006167005.png (5KB, 238x212px)
>>56377768
>Letting Chinese log into your account without effort
>>
>>56377768
I used to use google voice b/c of the free offer w/ sprint
Then I realized every call log (not the call itself, but time, people and duration) was logged and there was no option to mass delete. I had to go by pages of 10 deleting for over two years' worth of calls.
>>
File: dubsnotasuka.png (177KB, 320x386px)
>>56377888
what a fucking waste of trips
>>
>>56377749
No viruses on Linux.
I guess the fact that I set up a sandbox for firefox just today might help a bit too.
In the worst case scenario, it installs somewhere in home, somehow manages to get itself to run with no privileges (good luck), and then I kill it next time I go into htop and notice the suspicious daemon.
>>
>>56374263
>http://www.youtube.com/watch?v=P0AMf7aBOfc
how the fuck did he come up with that
>>
>>56377517
Not falling for it
>>
File: 1451320824538.jpg (30KB, 542x296px)
>>56377998
>No viruses on Linux.
>>
>>56377749
Hey, hey buddy.
Hey. Look at this.
https://4chan.reddit.com
>>
File: 1303940995824.jpg (45KB, 340x499px)
>>56377768
>Not porting your phone number to Project Fi for google phone service
>>
>>56377564
He is demonstrating that the "continue" parameter can accept pretty much anything on google so you can make a fake page redirect to a trojan hosted on google servers.
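
Added example, not from any poster or from Google: a sketch of server-side validation for a post-login `continue` target, contrasting the domain-wide check the post above describes with an exact host and path allowlist. The hosts, the allowlist entries and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed allowlist (hypothetical): exact host -> permitted path prefixes.
ALLOWED_TARGETS = {
    "mail.example.com": ("/",),
    "accounts.example.com": ("/settings/",),
}
DEFAULT_TARGET = "https://mail.example.com/"


def weak_is_allowed(url: str) -> bool:
    """Domain-suffix check: every host under the parent domain passes,
    including hosts that serve user-uploaded content."""
    host = urlsplit(url).hostname or ""
    return host == "example.com" or host.endswith(".example.com")


def strict_is_allowed(url: str) -> bool:
    """Exact host and path-prefix allowlist, https only."""
    # Backslashes, spaces and control characters are parsed differently
    # by browsers and by server-side URL libraries, so reject them.
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    if port not in (None, 443):
        return False
    prefixes = ALLOWED_TARGETS.get((parts.hostname or "").lower())
    if prefixes is None:
        return False
    path = parts.path or "/"
    # Reject dot-dot segments, including percent-encoded ones.
    if ".." in unquote(path).split("/"):
        return False
    return any(path.startswith(p) for p in prefixes)


def safe_continue(url: str) -> str:
    """Return the requested target if allowed, else a fixed default."""
    return url if strict_is_allowed(url) else DEFAULT_TARGET
```
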
>>
>>56378655
https://reddit.com/r/4chan

SURPRISE
>>
>>56374287
>using the smiley with a caret nose