An XSS Hole Reported In Gmail
Zz.ee.vV replied on Mon Nov 22, 2004 @ 4:29pm
An XSS hole reported in Gmail

According to a Nana NetLife Magazine report, there is a cross-site scripting (XSS) vulnerability in Gmail, Google's webmail service. The flaw allows an attacker to steal a Gmail user's authentication cookie, providing access to the victim's account without having to know the password. Even changing the password does not help - the attacker can continue to freely log in. XSS issues are present in many, many web applications. Unfortunately, many organizations are not set up to prevent XSS flaws during the software development cycle, and are quick to dismiss XSS vulnerabilities as being unreasonably difficult to exploit. In reality, the execution of XSS attacks is often not very challenging, and the exposure can be significant.

The iDefense paper "The Evolution of Cross-Site Scripting Attacks" provides an excellent overview of XSS-related issues. You can access it at the following URL (the site requires free registration): [ idefense.com ]

-------------------------------------

Is it just me or is this a little scary? It sucks because Gmail rocks... hopefully they'll fix it asap.

Good thing I'm not using any web based mail for really secure shit anyways...good old pop3.
Mali replied on Wed Nov 24, 2004 @ 11:21am
yeah that's scary.... gmail pissed me off, i sent all these emails from my account but no one got them so i'm complaining hardcoreeeeeeeeeeeee
neoform replied on Wed Nov 24, 2004 @ 8:03pm
shit! now someone can see my email if they somehow hack in! now they'll see my webhosting invoices and random chatter with friends!! NoOOooOooooo!!
Zz.ee.vV replied on Wed Nov 24, 2004 @ 11:10pm
Originally posted by HEATHER PIE HOLE...

yeah that's scary.... gmail pissed me off, i sent all these emails from my account but no one got them so i'm complaining hardcoreeeeeeeeeeeee


actually that's my biggest beef with gmail, it's that some ISPs just block it.

not their fault really, but fact stands nonetheless...
G__ replied on Thu Dec 16, 2004 @ 12:22am
e-mail...ROCKS
Plan-C replied on Fri Dec 24, 2004 @ 10:20pm
so any news on whether or not this problem is gonna get fixed cuz i just got gmail too.
Screwhead replied on Sun Dec 26, 2004 @ 12:19am
It was fixed like the same day...
neoform replied on Sun Dec 26, 2004 @ 1:49am
who wants an invite? i just got 6 more (man it's been like 2 months since i got any invites...)