14 comments

[ 3.6 ms ] story [ 50.0 ms ] thread
Anybody want to take bets on how long until we see a phishing attack based on this? 20$ says within a month of when this is live.
Is that an argument for doing googling over https? Or maybe trying to get first usage of the new secured DNS (I apologize I am off-news and don't know how that will be working...)?
You mean DNSSEC? That would protect against cache poisoning but not certain it applies here.
Not really. The assumption here is that the attacker installed malware on the target computer to get their traffic redirected to the proxy. Once the computer is compromised there are any number of ways to nullify any signing benefits from ssl or dnssec.
welcometo: http://www.fullmalls.com The website wholesale for many kinds of fashion shoes, like the

nike,jordan,prada,, also including the jeans,shirts,bags,hat and

the decorations. All the products are free shipping, and the the

price is competitive, and also can accept the paypal payment.,after

the payment, can ship within short time. free shippingcompetitive priceany size availableaccept the paypal ===== http://www.fullmalls.com =====

jordan shoes $32nike shox $32Christan Audigier bikini $23 Ed Hardy Bikini $23Smful short_t-shirt_woman $15ed hardy

short_tank_woman $16Sandal $32christian loubo utin $80 Sunglass $15 COACH_Necklace $27handbag $33AF tank woman $17puma slipper woman $30

===== http://www.fullmalls.com =====

===== http://www.fullmalls.com =====

===== http://www.fullmalls.com =====

===== http://www.fullmalls.com =====

===== http://www.fullmalls.com =====

What I see as a problem is that it legitimizes the idea of a message in a browser telling you that your computer is infected with malware.

A rule of thumb I've given to the confused class of users is that only antivirus programs or Windows will tell you something like this, and that if a browser window pops up and claims to be running a scan it's lying. Now Google is screwing that all up.

Considering I got Google+ phishing attempts 3 days after creating an account, I'd bet the same.
Google is using its technology to a lot more than only protect us from malware.
imagine if your computer was infected and it injects html looking like that and take you somewhere else instead of google
What? If the malware can do that it would easier for them just redirect them with javascript to any site.
If your computer was infected that bad, then there's no one can help you know, include Google. Google just try to help.
Google's Help page lets their users Google for 'antivirus', because they don't want to endorse any product. Now they have to warn users which AV not to install as well, because their own results might show up harmful programs...

Then they assume their users, who managed to get infected in the first place, are computer literate enough to know how to install it and know what a systemscan is.

I admire that Google is trying to help their users help themselves, but I seriously doubt a lot of users will be able to solve the problem based on these steps...

Google's Help page lets their users Google for 'antivirus', because they don't want to endorse any product.

Like the novice setting random weightings on a neural network so it won't be biased (and the master saying it will still be biased only now you won't know how), refusing to endorse one as the best doesn't make them all equal ( but it does leave the decision to someone less able to make it.)