Tuesday, November 25, 2008

Re: Malicious Setting Up of Filters in Gmail?

Google says that recent reports on a Gmail vulnerability aren’t true (Google might mean this one at GeekCondition.com, as blogged here earlier; my emphasis in the quote):

We’ve seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners’ domains by unauthorized third parties. At Google we’re committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability.

With help from affected users, we determined that the cause was a phishing scheme

Google continues to write, “Several news stories referenced a domain theft from December 2007 that was incorrectly linked to a Gmail CSRF vulnerability. We did have a Gmail CSRF bug reported to us in September 2007 that we fixed worldwide within 24 hours of private disclosure of the bug details.” I contacted Brandon at GeekCondition yesterday to find out more but haven’t heard back from him yet.

[Thanks A.!]

Please join the existing comments.

Re: Malicious Setting Up ... by Philipp Lenssen

>> More posts

Advertisement