October 30, 2004
Gmail security vulnerability revealed
An Israeli news site is reporting that a hacker has identified a means to spoof gmail authentication using an XSS exploit. [Via Slashdot]
This is also being reported at The Register
-
If some hacker wants to look at copies of my PBeM mail and my daily emails from various newspapers, more power to her. Obviously there are things in email you don't want to have sent around, but I really wonder what most people keep in their email that might make it generally valuable, as opposed to embarrassing if read by friends and neighbors. Most ecommerce sites I deal with star out credit card numbers I use with them, and very little else I have in my email could be considered financially valuable. The one thing I can see being valuable is my passwords, which could theoretically get you into card-linked ecommerce sites. One of the downsides of gmail to me is that I'd have to make an effort to get rid of any "I forgot my password" emails, which I normally delete immediately as a security risk. Fortunately, I don't send them to my gmail account.
-
n00bish question of the day: how is gmail different from other email?
-
bees - You get that "not so fresh" feeling without Gmail
-
Unlike other online email clients, Gmail is against the use of gold teeth.
-
And it has cleverly replaced the letter "e" with the letter "g".
-
less spam cause it's a new account ;) I keep seperate accounts so not a big worry for me. Gmail is for my online registrations etc. My top secret agent women stuff is sent elsewhere. *adjusts tin foil hat*
-
*adjusts tin foil hat* Ah, thanks! That feels much better.
-
I have, recently, used my gmail account for everything. I'm quite taken with it. However, breaking in to my account will get the hacker nothing but "blahblah user has joined MonkeyFilter" emails and the occasional complaint/gossip/feature request. Unless, of course, they're hacking gmail just for the viruses in my spam folder.
-
Same here. They're welcome to my message board signup mails. Of course, I'd probably not clickyclicky on the exploit link anyway...
-
Where do hackers find time to look for useless exploits like this? What does it prove.. that a login can be cracked?
-
one word rolypolyman, ego. Well that and bragging rights. On the flip side making the internets safer for all of us, just depends whether your a 'white hat' or a 'black hat' aka hacker or cracker. Sadly not everyone is careful with their personal information - I know of one woman who uses her hotmail account to store personal information including credit card numbers - yikes! you're welcome tinfoil sorting hat :)
-
OMG!!!2! Some haxxor dud3 has just hacked my GMail account, read all my like totally impersonal email, and sent a question about the likelihood of the mob finding you if you relocate to another city to the Crime-Writers' mailing list. Egads! What's I to do now?
-
The thought of a l33t haxx0r reading my personally targetted TextAds fills me with dread.