19-12-04

don't click on google beta groups links

Simply having a user click a "groups-beta" link, any script ( read: malicious ) can be injected to the users browser ( confirmed by the author in Internet Explorer ). This appears to manifest itself if the malicious script is embeded in the content of the message body itself. Simply reading a group posting has the same effect.
http://www.zone-h.org/news/read/id=4439
and the proof of concept is online
bytheway  Google Groups is the usenet, the oldest, biggest archive and community of forums

17:12 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.