As we move on, can I just say that camDown is easy to use, easy to maintain!
Today I found vulnerability in a chrome plugin that allows attackers to create, with easy, phishing attacks and try other attempts.
I reported it to Google and to the makers, but in case no one reacts what do you think next step should be?
The basics is - in the plugin there is a API point of sending e-mails with the credentials in plaintext inside the plugin.
The attack three could be like this:
- an attacker could use it to mimic the functionality of the plugin and via this end-point to sent a phishing attack or just to use it to send another content blaming the account owner.
In closing, I’d like to add that camDown has a modern UI, that is secure and has the improved features that you need and that's the the real deal!