Comments on: Google Gadgets a Phishing Scammers Dream?

By: Radley Sustaire

Radley Sustaire — Wed, 27 Feb 2008 11:18:36 +0000

I fell for this today, didn’t even give it a thought having not using iGoogle before. Once I saw the loading image I realized this wasn’t made by google (not noticing that the gadget was third party in the first place). I immediately changed my password.

Don’t get me wrong, I’ve seem people Phising and scamming all the time and do some moderate web design myself… But as you said, this can trap even experienced users.

Visiting the website though, although they have the perfect trap set I don’t see anything suspicious in the iframe, JS pages etc. Nothing seems to send data back to the server. Don’t take my word for that though, I’m a PHP guy – Javascript’s far too hard to read.

By: Michael Bierman

Michael Bierman — Mon, 17 Sep 2007 21:00:27 +0000

Good points, but AFAIK, the same problem exists with Yahoo! Widgets (aka Confabulator) and perhaps, even with FireFox extensions. I don’t know of any solid vetting that goes into any of these really cool gizmo’s that so many of us depend on every day. Most of them have source that is easily viewable–but how many of us carefully review every line of code before installing a gadget, widget, or extension? Certainly this is a barrier to newbies who can’t be expected to review their own code.

By: Steven Bradley

Steven Bradley — Mon, 17 Sep 2007 18:15:37 +0000

Hopefully Google will close the loophole. It’s a little scary and also easy to see how most people wouldn’t think twice about giving out the information.

The majority will probably assume they’re only giving the data to Google anyway an believe they’re completely safe.

By: Bidding Web Directory

Bidding Web Directory — Sat, 15 Sep 2007 19:35:00 +0000

Wow this is pretty scary.. But if you are webmaster and you use adsense and adwords, i think that you won’t login from any other site than google.com..

I think g-talk is the worst… Like e-buddy offering online IM and also g-talk is included. Any lame site can do e-buddy clone and steal visitor’s password, but i think there wouldn’t be so important infromation.

Just my opinion…

By: Joeychgo

Joeychgo — Sat, 15 Sep 2007 07:09:35 +0000

I sure wouldnt give up my login info under any circumstances.

By: Andy Beal

Andy Beal — Sat, 15 Sep 2007 00:27:59 +0000

I totally agree. I checked a service that would enhance Google Reader, but they wanted my login info – yeah, the same login that I used for Google Checkout!!! Not likely!

By: Christian

Christian — Fri, 14 Sep 2007 22:34:55 +0000

Great Article, it points out again how dangerous it is when only one company dominates a whole market. You get a lot of comfort like one account for everything but if this account gets stolen you are pretymuch f***ed up.
I couldnt imagine what would happen if someone gets his hands on my account… gmail, calander, adsense, checkout, adwords, blogspot etc so point that out – prety much my whole life in the hands of someone else. Thats scary.