[Wolves] G-Mail

Kevanf1 kevanf1 at gmail.com
Mon Nov 1 14:01:41 GMT 2004

No surprises there then :-)

Didn't Yahoo have something similar when they first offered their
webmail service?

On Mon, 1 Nov 2004 12:55:35 -0000, Philip Moore <ptm48 at uklinux.net> wrote:
> Hi 
> I saw an interesting report on Thre Register - I thought those who use
> G-Mail may be interested. The report reads: 
> By John Leyden 
> Published Friday 29th October 2004 16:50 GMT 
> Google's high profile webmail service, Gmail, is vulnerable to a security
> exploit that might allow hackers full access to a user's email account
> simply by knowing the user name, according to reports. 
> The security flaw allows full access to users' accounts, with no need of a
> password, Israeli news site Nana says . Using a hex-encoded XSS link, the
> victim's cookie file can be stolen by a hacker, who can later use it to
> identify himself to Gmail as the original owner of an email account,
> regardless of whether or not the password is subsequently changed. Following
> up a tip from an Israeli hacker, journos from the site confirmed the attack
> and verified the exploit with local security firm Aladdin Knowledge Systems.
> It's unclear whether the hole has been maliciously exploited. Google has
> been notified of the issue and is reportedly working on a fix. No-one from
> the company was available to update The Register on the issue at time of
> going to press. ® 
> Philip Moore 
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves

Take care.
Kevan Farmer

34 Hill Street
Cheslyn Hay

More information about the Wolves mailing list