Gmail exploit

Discussion in 'NZ Computing' started by PseUDO, Oct 30, 2004.

  1. PseUDO

    PseUDO Guest

    Google's high profile webmail service, Gmail, is vulnerable to a
    security exploit that might allow hackers full access to a user's email
    account simply by knowing the user name, according to reports. The
    security flaw allows full access to users' accounts, with no need of a
    password, Israeli news site Nana says.

    Using a hex-encoded XSS link, the victim's cookie file can be stolen by
    a hacker, who can later use it to identify himself to Gmail as the
    original owner of an email account, regardless of whether or not the
    password is subsequently changed. Following up a tip from an Israeli
    hacker, journos from the site confirmed the attack and verified the
    exploit with local security firm Aladdin Knowledge Systems.

    From neowin today.

    PseUDO
    PseUDO, Oct 30, 2004
    #1
    1. Advertising

  2. PseUDO

    Ripping Silk Guest

    PseUDO wrote:
    > Google's high profile webmail service, Gmail, is vulnerable to a
    > security exploit that might allow hackers full access to a user's email
    > account simply by knowing the user name, according to reports. The
    > security flaw allows full access to users' accounts, with no need of a
    > password, Israeli news site Nana says.
    >
    > Using a hex-encoded XSS link, the victim's cookie file can be stolen by
    > a hacker, who can later use it to identify himself to Gmail as the
    > original owner of an email account, regardless of whether or not the
    > password is subsequently changed. Following up a tip from an Israeli
    > hacker, journos from the site confirmed the attack and verified the
    > exploit with local security firm Aladdin Knowledge Systems.
    >
    > From neowin today.
    >
    > PseUDO


    been fixed
    Ripping Silk, Oct 30, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jankemi(remove)
    Replies:
    16
    Views:
    575
  2. kritaly

    gmail blocks .rar files from non-gmail address

    kritaly, Aug 17, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    3,719
    Barry OGrady
    Aug 18, 2005
  3. Ramkumar

    Accessing GMail account from GMail Groups

    Ramkumar, Sep 25, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    3,714
    Mike Easter
    Sep 25, 2005
  4. Locke Nash Cole

    Google GMail exploit

    Locke Nash Cole, Oct 30, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    438
    Locke Nash Cole
    Oct 30, 2004
  5. thing
    Replies:
    6
    Views:
    1,076
    thing
    Dec 1, 2004
Loading...

Share This Page