GMail users, read

Important news and announcements.

Moderator: Moderators

Postby DenisF » Sun Oct 31, 2004 5:54 pm

Since there are alot of GMail users here, i felt that warning you lot if very important.

Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports. The security flaw allows full access to users' accounts, with no need of a password, Israeli news site Nana says.

Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed. Following up a tip from an Israeli hacker, journos from the site confirmed the attack and verified the exploit with local security firm Aladdin Knowledge Systems.



Source: <a href='http://www.neowin.net/comments.php?id=25280&category=main' target='_blank'>Neowin</a>


In plain english - I strongly suggest removal of any high-profile emails [like paypal passwords, and such] from your gmail account.
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby Matej » Sun Oct 31, 2004 6:10 pm

Huh. Thank god i don't use my account.
User avatar
Matej
Forum Admin
Forum Admin
 
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby afonic » Sun Oct 31, 2004 6:52 pm

I never keep important password in email accounts, it's too risky. The best storage method for your passwords (1024-bit) is write it on a piece of paper. You can even hide it somewhere!

Now to the subject, this one is really dangerous, but I bet it will be fixed really soon now that it is public.
User avatar
afonic
Forum Admin
Forum Admin
 
Posts: 686
Joined: Tue Oct 14, 2003 11:11 pm
Location: Salonica, Greece

Postby DenisF » Sun Oct 31, 2004 7:23 pm

Yup.
i'm sure it'll get fixed soon, but this is just one of those things that justifies downloading your email every 5 minutes via pop3.

having my passwords sit on a remote server somewhere in teh google HQ is safe from me, but then again - how much of a threat am i compared to a multitude of l33t h4x0rz who sit all day and try to break gmail...
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby sjaz » Sun Oct 31, 2004 11:34 pm

uber.
User avatar
sjaz
Forum Admin
Forum Admin
 
Posts: 694
Joined: Fri Feb 14, 2003 11:08 pm
Location: London, UK


Return to Read this!

Who is online

Users browsing this forum: No registered users and 1 guest