Serious cross-site request forgery vulnerability found in Gmail

Started by Gary, Sep 28, 2007, 09:44:46

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Gary

Basically don't have your Gmail window open at the same time as browsing another site really, its a nasty bug that could see all your present and future email harvested by an attacker! Here is the link to the info
http://arstechnica.com/news.ars/post/20070927-cross-site-request-forgery-vulnerability-found-in-gmail.html
Damned, if you do damned if you don't

Rik

Thanks for that - luckily I never use the GMail web interface.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Sep 28, 2007, 09:48:27
Thanks for that - luckily I never use the GMail web interface.
I do I must admit, so thought I should post it, as probably quiet a few people on here may do ;D
Damned, if you do damned if you don't

Gary

Web mail accounts with unlimited storage are great targets they are as valuable as bank accounts almost these days with the information contained within :(
Damned, if you do damned if you don't

Simon

In my opinion, Google is getting too big for it's boots.  OK, so Google Mail has been about for some time now, but the more they add to their ever increasing catalogue of gimmicks, the more they are going to be targeted by ne'er-do-wells, and therefore the less secure they will become.  I use Gmail, but with POP3, so I don't use the webmail interface, but I don't use the calendar or other facilities for fear of privacy compromises and / or data theft.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

I agree, Simon. It's not just Google of course, there are too many organisations inviting us to share/store information. Thanks, but no thanks.  :o
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.


Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Damned, if you do damned if you don't

Rik

Indeed. I just didn't say what speed, but think more tortoise than cheetah. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Sep 29, 2007, 12:14:31
Indeed. I just didn't say what speed, but think more tortoise than cheetah. :)
You should work for them Rik ;) you have the spin on speeds well worked out,
Damned, if you do damned if you don't

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Damned, if you do damned if you don't

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.