DEFCON, the “underground hacker convention” now holding its sixteenth gathering at the Riviera Hotel & Casino in Las Vegas, Nevada, gave a mic to SecTheory CEO Robert Hansen (not to be confused with R. Hanssen, the former FBI agent infamous for spying against the U.S. for 20+ years), who proceeded to peg Google as slipshod in its pursuit of all the world’s knowledge. Widgets, too.
- causing a victim's browser to access a router and change domain name system server addresses or other sensitive settings;
- port scanning a network to conduct surveillance;
- using cross-site request forgery techniques to force victim PCs to follow links to malicious sites.
Hansen voiced the now-common refrain of a phishing hazard that could lead “less tech-savvy users who don’t know to check the browser bar (to verify URL authenticity)” to compromise their security. The risk of divulging data is heightened, Hansen said, by the fact that a URL with the name ‘gmodules.com’ presents itself when the hole is exploited, which might deceive people otherwise alert to peculiar changes in the address bar.