Hacker News new | past | comments | ask | show | jobs | submit login

I'm not sure it's worse, since it requires users to type their password into a non- google.com domain. Whereas the oauth phishing, everything was on google.com so it looked legit.



That is a good point. The flip side is having the account password is far more devastating.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: