An anonymous reader writes: In a case of sloppy automation run amok, Warner Bros’ copyright enforcement contractor — Vobile — issued takedown notices for legitimate distributors and Warner Bros’ own website, according to the BBC. It also asked the search giant to remove links to legitimate movie streaming websites run by Amazon and Sky, as well as Amazon-owned film database IMDB. Fortunately for them, Google chose to cut them a break and ignore those requests. Read more of this story at Slashdot.
Continued here:
Warner Bros Issues Takedown For Own Website
Trailrunner7 writes from a report via On the Wire: Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don’t consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user’s credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug, ] said an attacker also could send an arbitrary file to the target’s browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. “Attacker would not need to intercept traffic to exploit — they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter, ” Woods said. Google told Woods they don’t consider this a security issue. Read more of this story at Slashdot.