
[ARS] Don’t trust OAuth: Why the “Google Docs” worm was so convincing

post #1 of 2
Thread Starter 
Quote:
An evil phishing worm masquerading as "Google Docs" took the Internet by storm today. It sent an e-mail claiming to be from a friend or relative who wanted to share a document with you. Clicking on the "Open in Docs" button asked you to log in to Google, then it popped up a familiar OAuth request asking for some permissions. If you clicked "Allow," the permissions granted it full control over your e-mail and access to all your contacts. The worm then e-mailed everyone in your contacts list before doing god-only-knows what else to the victim's e-mail.

Source

This hit a few people at work yesterday. Also explains why Google docs were down yesterday afternoon.
post #2 of 2
OAuth isn't the issue though since OAuth is basically just an algorithm. The problem here is how Google displays information about the app requesting access through their OAuth implementation.
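The pattern discussed in the quoted article and in post #2 (an app whose consent screen name reads "Google Docs" while asking for mail and contacts access) is something an OAuth grant review can check for. The following is an added example, not part of either post or of any Google tooling; the record layout, the allowlist and the client IDs are assumptions, and the sample grants are constructed.

```python
import unicodedata

# Real Google scope strings matching the access the article describes.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full mailbox control",
    "https://www.googleapis.com/auth/contacts": "contact list access",
}
# Assumption: product names your organisation treats as first-party brands.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Assumption: client IDs already verified as first-party (placeholder value).
TRUSTED_CLIENT_IDS = {"first-party-client-id.example"}


def normalize(name):
    """Fold compatibility forms, case and spacing so name variants compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def review_grant(grant):
    """Return findings for one OAuth grant record; an empty list means not flagged."""
    findings = []
    if grant["client_id"] in TRUSTED_CLIENT_IDS:
        return findings
    name = normalize(grant["display_name"])
    if any(protected in name for protected in PROTECTED_NAMES):
        findings.append(f"untrusted client uses protected name {name!r}")
    for scope in grant["scopes"]:
        if scope in HIGH_RISK_SCOPES:
            findings.append(f"grants {HIGH_RISK_SCOPES[scope]}")
    return findings


def flagged(grants):
    """Map user -> findings for every grant with at least one finding."""
    return {g["user"]: f for g in grants if (f := review_grant(g))}


# Constructed sample records, not data from the incident.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "client_id": "first-party-client-id.example",
     "display_name": "Google Docs", "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bob@example.com", "client_id": "unknown-client-1.example",
     "display_name": "Google  Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "carol@example.com", "client_id": "unknown-client-2.example",
     "display_name": "Team Calendar Sync", "scopes": ["https://www.googleapis.com/auth/calendar"]},
]

if __name__ == "__main__":
    for user, findings in flagged(SAMPLE_GRANTS).items():
        print(user, "->", "; ".join(findings))
```

The name check and the scope check are reported separately, so a reviewer can see whether a grant was flagged for the display name, for the breadth of access, or for both.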