📢 #Gate Square Writing Contest Phase 3# is officially kicks off!
🎮 This round focuses on: Yooldo Games (ESPORTS)
✍️ Share your unique insights and join promotional interactions. To be eligible for any reward, you must also participate in Gate’s Phase 286 Launchpool, CandyDrop, or Alpha activities!
💡 Content creation + airdrop participation = double points. You could be the grand prize winner!
💰Total prize pool: 4,464 $ESPORTS
🏆 First Prize (1 winner): 964 tokens
🥈 Second Prize (5 winners): 400 tokens each
🥉 Third Prize (10 winners): 150 tokens each
🚀 How to participate:
1️⃣ Publish an
The lead developer of ENS exposes a vulnerability that allows phishers to mimic Google's official alerts
PANews reported on April 17 that according to Bitcoin.com reports, Nick Johnson, the chief developer of ENS, revealed a sophisticated phishing attack that exploited vulnerabilities in Google's systems, especially the recently fixed OAuth vulnerability. According to Johnson, the attackers first sent a fraudulent email that appeared to be from Google's legal department, falsely claiming that the recipient's account was involved in a subpoena investigation. These emails are digitally signed with real DKIM and are sent from Google's official no-reply domain, so they can easily bypass Gmail's spam filtering. Johnson noted that the credibility of the scam was greatly enhanced by a sites.google.com hyperlink to a fake support portal. This fake Google login page exposes two major security vulnerabilities: first, the Google Sites platform allows arbitrary scripts to be executed, allowing criminals to create pages that steal credentials; The second is that the OAuth protocol itself is flawed. Johnson condemned Google's initial view of the vulnerability as "as expected by design" and stressed that the vulnerability posed a serious threat. To make matters worse, fake portals use the trusted domain name of sites.google.com as a cover, greatly reducing the vigilance of users. In addition, Google Sites' abuse reporting mechanism is not perfect, which makes it difficult for illegal pages to be closed in a timely manner. Under public pressure, Google eventually admitted that there was a problem. Johnson then confirmed that Google plans to fix a flaw in the OAuth protocol. Security experts remind users to be vigilant, to be suspicious of any unexpected legal documents, and to carefully verify the authenticity of the URL before entering their credentials.