The domain hosting Google Gadgets, the nifty programs that can be used to display content from several sites on the Web, can be used by phishers to get around anti-phishing filters, says a security researcher.
An excerpt from the piece at PC World | IDG News Service:
Security researcher Robert Hansen, a frequent critic of Google, reported the issue to the company's security team, but he was not satisfied with their response. He says Google told him that what he sees as a flaw is simply part of the site's expected behavior. Google couldn't be reached immediately for comment.
The researcher proposed that Google restrict the URLs that use the domain gmodules.com for hosting gadgets. Here's a link to the actual response to what has been framed as an XSS hole (Tech.Blorge).
As always, caution is the best measure: do not make private or confidential data available to sites hosted on the gmodules.com domain.