Petko Petkov who is famous for discovering a number of vulnerabilities with Adobe and Microsoft products has revealed an extremely serious vulnerability in GMail. Using a simple HTML command which Petkov calls a “multipart/form-date POST”, a hacker would be able to inject a filter into the users GMail account. The vulnerability exists as long as a person has their GMail account open while they surf other sites. The flaw will not give them access to your account per se, but it will give them access to any mail that fits the filter rules that they create.
People use their email accounts for a lot of things, but the real danger is that it could be used to capture peoples’ passwords from various sources using typical password retrieval procedures. That potentially exposes people to significant financial risks. For people using Firefox, the NoScript plugin would seem to be enough to maintain account security. If you do not want to run no-script, then it would pay to check your forwarding filters periodically.
Source: PCWorld
Related Posts :
1 response
WorkCandy » Gmail Has Security Issues
Sep 28, 2007 at 1:32 pm
[...] went and did the fix that they suggested but it just reminds me how crappy a small percentage of the populace is. I love gmail and I just [...]
Leave a Comment