makeuseof.com — Several things have happened in the last two days that have made me believe that Gmail has a serious security flaw and everyone should be aware of it.
Nov 22, 2008
tunafishgangsta, Nov 22, 2008
There is no proof that the domain thief is a cracker, or that they ever directly accessed the Gmail account. Yes, they added filters through some trickery. It doesn't mean they ever logged into the account. More likely methods would be through the legitimate user's own session via browser exploit or Trojan Horse plus injection to create a new filter.
gioma1, Nov 23, 2008
You're wrong, NoScript has several features to improve SSL support of "lazy" sites: http://noscript.net/faq#https
socokoolaid, Nov 24, 2008
Your point is you use GMail for banking and GMail is common, so it must be a direct fault of that user, not any fault of GMail. This is some bad logic. The article did show a reason, but you apparently missed it. The reason was leaving GMail open/logged on while going to a malicious site. Cookie stealing, session stealing, and XSS are common attacks on accounts like mail and MySpace. Another possibility, not mentioned in the article, is a recent MAJOR XSS security vulnerability released for the SSL Google login page. So your beloved GMail is not above mistakes! Thank you, come again! http://xssed.com/news/79/Google_accounts_SSL_login_page_suffers_from_highly_critical_XSS/
magnoliasouth, Nov 25, 2008
Update: I commented earlier, but this article is NOT inaccurate. For further information see http://blogs.zdnet.com/Google/?p=1188. For all you people who were defending gmail, you really should look into things before you digg something down and flag it as inaccurate. The writer was right.
magnoliasouth, Nov 25, 2008
Absurd? Really? What do you have to say about this then: http://blogs.zdnet.com/Google/?p=1188