The confidence game here is the same as any other. 1> Google is a legit, law abi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		001sky on Nov 6, 2014 \| parent \| context \| favorite \| on: Reflected File Download: A New Web Attack Vector The confidence game here is the same as any other. 1> Google is a legit, law abiding, legal accountable entity 2> Because of (1), the download likely has the attributes associated with google, not more commonly with "bad guys" 3> The probability of google being spoofed is low enough to not empirically validate the premise or conclusion of (1) 4> Smart people therefore do dumb things as a result of (3) 5> Smart people doing dunmb things is a lucrative proposition, because smart people have money/wealth

danielweber on Nov 6, 2014 [–]

Send it to their Gmail account. Tell them to download the attached file, which will "come from google.com."

geofft on Nov 6, 2014 | [–]

It comes from https://mail-attachment.googleusercontent.com, so it's not super useful for the sort of attacks that this approach would be used for.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact