<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I saw an interesting report on The Register - I
thought those who use G-Mail may be interested. The report reads:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt">By <A
href="http://forms.theregister.co.uk/mail_author/?story_url=/2004/10/29/gmail_vuln/">John
Leyden</A></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
style="FONT-SIZE: 10pt">Published Friday 29th October 2004
16:50 GMT</SPAN></P>
<P>Google's high profile webmail service, Gmail, is vulnerable to a security
exploit that might allow hackers full access to a user's email account simply by
knowing the user name, according to reports.</P>
<P>The security flaw allows full access to users' accounts, with no need of a
password, Israeli news site Nana <A
href="http://net.nana.co.il/Article/?ArticleID=155025&sid=10"
target=_blank>says</A>. Using a hex-encoded XSS link, the victim's cookie file
can be stolen by a hacker, who can later use it to identify himself to Gmail as
the original owner of an email account, regardless of whether or not the
password is subsequently changed. Following up a tip from an Israeli hacker,
journos from the site confirmed the attack and verified the exploit with local
security firm Aladdin Knowledge Systems.</P>
<P>It's unclear whether the hole has been maliciously exploited. Google has been
notified of the issue and is reportedly working on a fix. No-one from the
company was available to update <EM>The Register</EM> on the issue at time of
going to press. ®</P>
<P><FONT face=Arial size=2>Philip Moore</FONT></P></DIV>
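<P>Added example (not part of the original post or the quoted report, and not Gmail's code): the report says a captured cookie keeps working "regardless of whether or not the password is subsequently changed"; this sketch shows a session cookie bound to a per-account credential epoch so a password change invalidates captured copies, checked with and without that binding. All names (Accounts, issue_cookie, validate_cookie, the user "alice") are hypothetical.</P>
<PRE>
```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key


class Accounts:
    """Toy account store: every password change bumps a credential epoch."""

    def __init__(self):
        self._epoch = {}

    def set_password(self, user):
        # Password hashing is omitted; only the epoch matters for this example.
        self._epoch[user] = self._epoch.get(user, 0) + 1

    def epoch(self, user):
        return self._epoch.get(user, 0)


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(accounts, user):
    """Return (cookie value, Set-Cookie header) for a logged-in user."""
    payload = f"{user}|{accounts.epoch(user)}"
    value = f"{payload}|{_sign(payload)}"
    # HttpOnly keeps page script, including injected script, from reading it.
    header = f"Set-Cookie: session={value}; Secure; HttpOnly; SameSite=Lax; Path=/"
    return value, header


def validate_cookie(accounts, value, check_epoch):
    """Return the user name if the cookie is accepted, else None."""
    try:
        user, epoch, mac = value.rsplit("|", 2)
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _sign(f"{user}|{epoch}")):
        return None  # forged or tampered value
    if check_epoch and int(epoch) != accounts.epoch(user):
        return None  # password changed since issue: captured copy is dead
    return user


def demo():
    accounts = Accounts()
    accounts.set_password("alice")                 # constructed sample user
    captured, _ = issue_cookie(accounts, "alice")  # copy held by a third party
    accounts.set_password("alice")                 # owner changes the password
    return (validate_cookie(accounts, captured, check_epoch=False),
            validate_cookie(accounts, captured, check_epoch=True))
```
</PRE>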
</BODY></HTML>