Gmail cookie vulnerability exposes users’ privacy
The vulnerability can be used to steal contacts and incoming e-mails from Google Gmail users.
A proof-of-concept program by the hacker group “GNUCitizen” demonstrates the vulnerability, which can be used for malicious purposes.
Attackers could compromise a Gmail account, using a cross-site scripting vulnerability, if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account’s messages to a POP account.
‘If someone picks up on this before Google fixes it–or if someone knew of the vulnerability before this guy published it–this could be very damaging to Gmail users,’ ‘Once you’ve managed to snarf a cookie, you can access (a user’s) Gmail account without the password for the next two years,’
Google was unavailable to comment at the time of writing.



