[Wolves] G-Mail
Kevanf1
kevanf1 at gmail.com
Mon Nov 1 14:01:41 GMT 2004
No surprises there then :-)
Didn't Yahoo have something similar when they first offered their
webmail service?
On Mon, 1 Nov 2004 12:55:35 -0000, Philip Moore <ptm48 at uklinux.net> wrote:
>
> Hi
>
> I saw an interesting report on Thre Register - I thought those who use
> G-Mail may be interested. The report reads:
>
>
>
> By John Leyden
>
> Published Friday 29th October 2004 16:50 GMT
>
> Google's high profile webmail service, Gmail, is vulnerable to a security
> exploit that might allow hackers full access to a user's email account
> simply by knowing the user name, according to reports.
>
> The security flaw allows full access to users' accounts, with no need of a
> password, Israeli news site Nana says . Using a hex-encoded XSS link, the
> victim's cookie file can be stolen by a hacker, who can later use it to
> identify himself to Gmail as the original owner of an email account,
> regardless of whether or not the password is subsequently changed. Following
> up a tip from an Israeli hacker, journos from the site confirmed the attack
> and verified the exploit with local security firm Aladdin Knowledge Systems.
>
> It's unclear whether the hole has been maliciously exploited. Google has
> been notified of the issue and is reportedly working on a fix. No-one from
> the company was available to update The Register on the issue at time of
> going to press. ®
>
> Philip Moore
>
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves
>
>
--
Take care.
Kevan Farmer
34 Hill Street
Cheslyn Hay
Staffordshire
WS6 7HR
More information about the Wolves
mailing list