Google says that recent reports on a Gmail vulnerability aren’t true (Google might mean this one at GeekCondition.com, as blogged here earlier; my emphasis in the quote):
We’ve seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners’ domains by unauthorized third parties. At Google we’re committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability.
With help from affected users, we determined that the cause was a phishing scheme
Google continues to write, “Several news stories referenced a domain theft from December 2007 that was incorrectly linked to a Gmail CSRF vulnerability. We did have a Gmail CSRF bug reported to us in September 2007 that we fixed worldwide within 24 hours of private disclosure of the bug details.” I contacted Brandon at GeekCondition yesterday to find out more but haven’t heard back from him yet.
[Thanks A.!]
Please join the existing comments.
>> More posts
Advertisement
This site unofficially covers Google™ and more with some rights reserved. Join our forum!