Text only | Text with Images

IDNetters Forums

Technical News & Discussion => Windows News & Discussion => Topic started by: Gary on Sep 28, 2007, 09:44:46

Title: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 28, 2007, 09:44:46
Basically don't have your Gmail window open at the same time as browsing another site really, its a nasty bug that could see all your present and future email harvested by an attacker! Here is the link to the info
http://arstechnica.com/news.ars/post/20070927-cross-site-request-forgery-vulnerability-found-in-gmail.html
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Rik on Sep 28, 2007, 09:48:27
Thanks for that - luckily I never use the GMail web interface.
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 28, 2007, 10:01:23
Quote from: Rik on Sep 28, 2007, 09:48:27
Thanks for that - luckily I never use the GMail web interface.
I do I must admit, so thought I should post it, as probably quiet a few people on here may do ;D
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 28, 2007, 10:06:13
Web mail accounts with unlimited storage are great targets they are as valuable as bank accounts almost these days with the information contained within :(
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Simon on Sep 28, 2007, 20:20:38
In my opinion, Google is getting too big for it's boots.  OK, so Google Mail has been about for some time now, but the more they add to their ever increasing catalogue of gimmicks, the more they are going to be targeted by ne'er-do-wells, and therefore the less secure they will become.  I use Gmail, but with POP3, so I don't use the webmail interface, but I don't use the calendar or other facilities for fear of privacy compromises and / or data theft.
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Rik on Sep 29, 2007, 09:26:23
I agree, Simon. It's not just Google of course, there are too many organisations inviting us to share/store information. Thanks, but no thanks.  :o
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 29, 2007, 10:41:33
Just to say Google have fixed the Gmail issue, for now >:D http://www.builderau.com.au/news/soa/Google-fixes-Gmail-ethical-hacker-vulnerability-/0,339028227,339282466,00.htm
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Rik on Sep 29, 2007, 11:49:56
Faster than a speeding Microsoft! :)
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 29, 2007, 12:11:35
Quote from: Rik on Sep 29, 2007, 11:49:56
Faster than a speeding Microsoft! :)
Did you say a speeding Microsoft :o
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Rik on Sep 29, 2007, 12:14:31
Indeed. I just didn't say what speed, but think more tortoise than cheetah. :)
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 29, 2007, 12:16:50
Quote from: Rik on Sep 29, 2007, 12:14:31
Indeed. I just didn't say what speed, but think more tortoise than cheetah. :)
You should work for them Rik ;) you have the spin on speeds well worked out,
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Rik on Sep 29, 2007, 12:23:08
That's because I am usually feeling dizzy. :)
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Gary on Sep 29, 2007, 12:27:00
Quote from: Rik on Sep 29, 2007, 12:23:08
That's because I am usually feeling dizzy. :)
Its all that RFI Rik ;D
Title: Re: Serious cross-site request forgery vulnerability found in Gmail
Post by: Rik on Sep 29, 2007, 12:29:17
Refreshments Frequently Imbibed?  ;)
Text only | Text with Images