Google Blogoscoped

Forum

Google: we will share your name with anyone who asks us for it  (View post)

Juha-Matti Laurio [PersonRank 10]

Tuesday, September 23, 2008
11 years ago4,431 views

Back to the story Real-name-behind-gmail-users discussed in July
blogoscoped.com/forum/135954.h ...

link:
blogs.securiteam.com/index.php ...
with screenshots included

Above 1 comments were made in the forum before this was blogged,

Andy Wong [PersonRank 10]

11 years ago #

The markets with Google are still expanding and the top priority of Google is to occupy markets. Security and privacy is not yet a big concern to Google yet. A past example was Microsoft.

DOS, Windows 3.2, Win95/98 had little effective security mechanism, while Unix at early stage had implemented security. But Microsoft sold the easiness of Windows well, while security always has conflicts with easiness.

TOMHTML [PersonRank 10]

11 years ago #

"This is all a Chrome desktop app will show you – do you know at which domain you’re currently entering your Google password?" ==> that is really a wrong idea from Google, I do not like that. Just as the missing statusbar, you have to use your mouse (and not the keyboard) to roll over links to discover their target...
FAILED!

Ionut Alex. Chitu [PersonRank 10]

11 years ago #

IE has a similar feature called kiosk, but it's not accessible from the UI. Edit a IE shortcut and append
-k mail.google.com
or type in Start/Run:
iexplore -k mail.google.com

To exit the kiosk mode, press Alt+F4.

Juha-Matti Laurio [PersonRank 10]

11 years ago #

The fact how this will help phishing gangs has not been discussed yet

Philipp Lenssen [PersonRank 10]

11 years ago #

> The fact how this will help phishing gangs
> has not been discussed yet

You mean in the thread, in the post, or ...?

Philipp Lenssen [PersonRank 10]

11 years ago #

Google Lively now has adjusted the way it lets people enter their Google Account password to join a gadget room, perhaps in reaction to the phishing problem mentioned: they will now pop up a new window which shows the address bar. That's much better than before.

I wonder though, is it possible in today's browsers to pop up a window (on click) which then contains no address bar (which would allow you to add a HTML/CSS-faked address bar)? I just tried

var winRef = window.open('http: //example.com', 'somename', 'location=0');

which still showed the URL in several browsers but I'm not sure that's the right way. (I guess if it would be possible, it would be a browser issue, for starters.)

PS: The new login method is still not as good as using the same window would be. The site could still pop up a DHTML window that looks at least somewhat similar in some browsers to a regular new window.

Tony Ruscoe [PersonRank 10]

11 years ago #

Philipp, I think most, if not all, modern browsers always show the address bar in popups as a security feature even if it's switched off using JavaScript (unless the site is trusted) but there would be nothing stopping someone detecting which browser you were using an mimicking the browser window using DHTML and JavaScript to popup some kind of fake modal window with a fake URL. (It wouldn't appear in your task bar but how many would notice that?)

Then again, how many people even check URLs in their address bar before signing into their Google Account anyway. If you see a link on a website saying "Try this new service from Google" I bet many would just sign in without even checking the address bar...

Philipp Lenssen [PersonRank 10]

11 years ago #

Here's Google's official announcement, I just got an alert:

groups.google.com/group/lively ...

<<One of the main benefits of this version is a streamlined sign-in process, which should help with repeated sign-in problems, as well as alleviating phishing risks.>>

Juha-Matti Laurio [PersonRank 10]

11 years ago #

[put at-character here]Philipp:
Yes, I mean in this thread.

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!