GMail Account Bug

***tacoX*** · 01-21-2005, 12:24 PM

An Israeli hacker has uncovered a flaw in Froogle, Google's price-comparison service, which could allow access to users' Gmail accounts. Nir Goldshlager, who discovered the flaw, warned that URL-embedded Javascript could end up causing personal information to be revealed. If users execute the script by clicking a link, they would be redireted to a malicious website. From there, hackers can read a user's cookie. It may contain personal information, such as purchase histories, or the username and password used to access Google services - such as Gmail. Goldshlager warned that even if the user chooses not to save the cookie, the hacker can still discover the username and password for other services such as Google Alerts and Groups because of the way that data is stored.

Source: http://www.caffeinatednews.com/display.php?id=37

***Dale*** · 01-21-2005, 01:54 PM

Bit dodgy ... Google shouldn't have made a mistake like that ... Do google know about this ? Or is it just floating around the net at the moment?

**Oblivion** · 01-21-2005, 07:54 PM

I have GMail. Im not worried because i dont use Froogle... Im to young... hooray!

But i dont really have any personal info to give out... well my firstname is
Eric and my lastname is Mosoff (heh maybe...)

eric.mosoff@gmail.com

gotta luv fake names sometimes

***tacoX*** · 01-21-2005, 08:35 PM

You dont have to use froogel to get hacked. It has been circulating around various computer hacking sites - im sure google is aware of it now (and in the act of fixing it).

***Dale*** · 01-22-2005, 09:20 AM

And how did you find out about this Taco?Lol, hacking sites eh :P

***tacoX*** · 01-22-2005, 09:30 AM

I guess, I was just reading on my buddies tech site and I thought it was an interesting article =).

I ain't no hacker dammit!

**WK Rainbow** · 01-22-2005, 11:10 AM

...There ain't NOTHIN' wrong with being a hacker...

This is an interesting exploit in Gmail. Kinda... simple, though. You'd think Google would've thought before they allowed something like this to happen.

***Dale*** · 01-22-2005, 06:11 PM

Yeh .. but they may have been looking for the more complex methods and ignoring the simple defects.

***tacoX*** · 01-22-2005, 06:18 PM

Keep in mind though that its still in beta mode - and not officially released to the public. We are still 'beta' testers.

**Tanna** · 01-23-2005, 04:57 AM

I thought Gmail was a little more secure... I have used gmail for some time now... so this is bad news for me..

» Search Forums

» Online Users: 16,254

» Site Navigation

» Stats

Thread: GMail Account Bug

Thread Tools

Search Thread

Display

Similar Threads

GMail Invites

GMail

Mah GMail Account!

Posting Permissions