
Gmail Cookie Vulnerability Exposed

By Robert | September 28, 2007

It looks like Gmail is not as safe as I thought. Petko Petkov has just demonstrated that incoming emails and contacts can be stolen from Google Gmail clients. According to security researcher Chris Gatford, an application created by Petkov can be used to forward all of the emails an account receives. So far the attack has only been demonstrated; no cases of affected users have been reported.

The attack uses a cross-site scripting vulnerability, which lets a hacker compromise any Gmail account. The catch is that the victim needs to be logged into their account and click on a special link. Once they do so, the hacker gains access to the session cookies for Gmail. By then utilizing a POP account, the emails can be transmitted to another email address. This is quite possible, as people tend to forget to log out of their email accounts, be it Gmail, Yahoo Mail or any other online service.

Google has a policy of retaining cookies for two years, which makes the situation even worse: the hacker could have access to a Gmail account for around two years after the cookie was stolen. According to analyst James Turner, many organizations could end up exposed, as home users often use private accounts to store work information. The biggest problem concerns regular home users, who most likely will not realize that someone has gained control of their Gmail account. It is very important that Google becomes aware of the problem and figures out a way to stop it from becoming a real problem. It would be a bad blow in their war with Yahoo Mail.
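The two conditions described above, a session cookie that injected script can read and a lifetime measured in years, can be checked from the defender's side by auditing a site's `Set-Cookie` headers. The following is an added example, not code from the original post or from Google; the header values are constructed, and the one-day lifetime limit and the finding names are assumptions.

```javascript
// Added example: flag cookies that script can read and that live too long.
const MAX_LIFETIME_S = 24 * 60 * 60; // assumed policy limit: one day

// Split one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Lifetime in seconds, or null for a session cookie (dropped when the browser closes).
function lifetimeSeconds(attrs, now) {
  const maxAge = Number.parseInt(attrs["max-age"], 10);
  if (!Number.isNaN(maxAge)) return maxAge; // Max-Age wins over Expires (RFC 6265)
  const expires = Date.parse(attrs["expires"]);
  if (!Number.isNaN(expires)) return Math.round((expires - now.getTime()) / 1000);
  return null;
}

function auditSetCookie(header, now = new Date()) {
  const { name, attrs } = parseSetCookie(header);
  const lifetime = lifetimeSeconds(attrs, now);
  const findings = [];
  if (!attrs.httponly) findings.push("script-readable"); // no HttpOnly: XSS can read it
  if (lifetime !== null && lifetime > MAX_LIFETIME_S) findings.push("long-lived");
  return { name, lifetimeSeconds: lifetime, findings };
}

// Constructed sample headers (not captured from any real service).
const SAMPLE_HEADERS = [
  "SID=abc123; Path=/; Max-Age=63072000", // two years, no HttpOnly
  "SID=abc123; Path=/; HttpOnly; Max-Age=3600", // one hour, HttpOnly
  "SID=abc123; Expires=Mon, 28 Sep 2009 00:00:00 GMT; HttpOnly",
];

const SAMPLE_NOW = new Date("2007-09-28T00:00:00Z"); // fixed clock for the Expires case
for (const h of SAMPLE_HEADERS) console.log(JSON.stringify(auditSetCookie(h, SAMPLE_NOW)));
```

`HttpOnly` only stops script from reading the cookie; it does not remove the cross-site scripting flaw itself, so a short lifetime and server-side session invalidation still matter.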
