GMail vulnerability is a privacy threat

By Justin Mann on September 27, 2007, 10:44 AM
A vulnerability in Gmail has been discovered, or at least the cookies that it creates. The flaw, potentially exposing your account or letting someone pilfer other information, has serious implications. It relies on the cookies Gmail creates, a problem not alleviated by the fact that by default the cookies stored from Gmail persist for two years unless you erase them yourself.

A security researcher from Pure hacking (imagine that) has demonstrated a proof of concept program that can abuse Gmail in such a fashion that incoming email and contacts can be forwarded to others, assuming the user opens a bad URL:

According to Gatford, attackers could compromise a Gmail account--using a cross-site scripting vulnerability--if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account.
In my day to day work, I have encountered more and more people over time who have switched to Gmail for personal, school and even work use. The article brings that point up and makes it clear. People are very inclined to swap data between work and home, especially if it makes their daily work easier.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.