#1
http://www.gnucitizen.org/blog/googl...ack-technique/
While being logged into Gmail with the browser interface, IF one opens another tab/browser window and stumbles across an 'evil' site, the 'evil' site can inject a filter into the Filter List. The attacker can then forward emails wherever they want via the filter. The above site contains graphics that show how this is accomplished.

> The attack will remain present for as long as the victim has the filter within their
> filter list, even if the initial vulnerability, which was the cause of the injection, is
> fixed by Google.

Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance
http://blogs.zdnet.com/security/?p=539

> The unpatched GMail bug, which was demonstrated for me by hacker Petko D. Petkov, is
> particularly nasty because of the way the exploit works without any user action and the
> fact that it’s difficult for the average GMail user to know that e-mails are being stolen.

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
#2
"MowGreen [MVP]" <mowgreen> wrote in message
news:3848
> [..]
> While being logged into Gmail with the browser interface, IF one opens
> another tab/browser window and stumbles across an 'evil' site, the
> 'evil' site can inject a filter into the Filter List. The attacker can
> then forward emails wherever they want via the filter.
> The above site contains graphics that show how this is accomplished.
> Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search
> Appliance
> [..]

Simple remedy... Use Firefox with No-Script:

GMail POST Mortem, CSRF Countermeasures and NoScript Misconceptions:
http://hackademix.net/2007/09/26/gmail_csrf/

-jen

#3
"jen" <jen> wrote:
> Simple remedy... Use Firefox with No-Script:
> GMail POST Mortem, CSRF Countermeasures and NoScript Misconceptions:
> [..]

In other news, people who do not breathe are less likely to catch airborne disease.