Google Bolsters Security To Prevent Another Google Docs Phishing Attack

Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.

And so the walled garden begins

[goombah99]

First they warn you about 3rd party apps that have not kowtowed to Google. Next they will only run google approved apps. and already many apps only run on chrome.

What's the algorithm?

[guruevi]

Does it send every site I visit to Google to check against some scammer database? Does it internally recognize the Google logo? I can't imagine that there is some HTML magic sauce that makes one site appear legitimate while the other isn't so there will be simple ways to avoid detection.

Comes too late for Podesta

[DNS-and-BIND]

Well, this is too late for Podesta, whose password reset email is archived for public viewing here. [wikileaks.org] If Google had had this protection back then, he would likely be Secretary of State under Hillary now. But instead he's stewing in his own juices, infuriated over the election result. Why's he so upset, though? I thought he was used to coming in a little behind...

Re:

[tlhIngan]

Well, this is too late for Podesta, whose password reset email is archived for public viewing here. If Google had had this protection back then, he would likely be Secretary of State under Hillary now. But instead he's stewing in his own juices, infuriated over the election result. Why's he so upset, though? I thought he was used to coming in a little behind...

Actually, I believe Podesta thought the email was phishy, and asked his much more in the knowledgeable IT friends about it, both of which said it was

"Google will protect you!"

[Anonymous Coward]

Substitute any $TECHCO you want for Google.

We're seeing a trend more and more to remove control of users over their own devices, and replace it with corporate control. Then things are done "to protect us" from $THREATOFTHEDAY.

The problem is: I cannot protect myself, if what's happening is hidden from me and my device treats me as the enemy, and I have a much, much better security track record than almost any $TECHCO. ("We take your security seriously" -> repeated ad nauseum after yet another breech imp

Re:

[93 Escort Wagon]

I am the Google Robot.
I am here to protect you.
Grandma is protected at the bottom of the stairs.

People who use a minority OS, for one

[tepples]

Some users of web applications are users of minority desktop or mobile platforms who are frustrated that developers of native applications lack the resources to port a particular native application to their platform. Other users of web applications are users of curated platforms who are frustrated that their platform's curator has rejected a particular native application.