Google Blogoscoped

Forum

Malicious Setting Up of Filters in Gmail?

Kirby P [PersonRank 0]

Sunday, November 23, 2008
15 years ago, 6,701 views

I know this exploit was a problem 2 years ago but I thought Google had a solution?

Ionut Alex. Chitu [PersonRank 10]

15 years ago

This post is related: http://www.davidairey.com/google-gmail-security-hijack/ (Dec. 2007)

Rohit Srivastwa [PersonRank 10]

15 years ago

I thought it was fixed then...
Is it still working???

Mysterius [PersonRank 10]

15 years ago

I'm not familiar with this. Is this an unpatched hole, or a new version based off an old exploit?

Juha-Matti Laurio [PersonRank 10]

15 years ago

That vulnerability reported in Dec '07 had so much media attention that it's very difficult to believe it is unpatched today.

Matt Cutts [PersonRank 10]

15 years ago

I believe the 2007 issue was fixed. What's strange is that the new post on geekcondition.com boils down to an unmentioned way of stealing cookies. I believe some Googlers were trying to contact Brandon soon after his post for more info, but haven't yet heard back. Hopefully we'll hear back soon and can check it out though.

Philipp Lenssen [PersonRank 10]

15 years ago

(Update: Added Matt's comments in the post.)

Michael Chelen [PersonRank 1]

15 years ago

That's what is confusing me, even though the ways to co-opt the filters feature are interesting. It all hinges on a malicious script accessing private authentication cookies, and does not explain how this is possible?

Matt Cutts [PersonRank 10]

15 years ago

Michael Chelen, good point. The Gmail team looked into it and it looks like it was actually phishing.

Juha-Matti Laurio [PersonRank 10]

15 years ago

More here:
http://www.readwriteweb.com/archives/gmail_exploit_may_aid_domain_h.php

Juha-Matti Laurio [PersonRank 10]

15 years ago

Now Geek Condition guys are linking to the official response:

'OFFICIAL UPDATE FROM GOOGLE:

Gmail Security and Recent Phishing

We’ve seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners’ domains by unauthorized third parties. At Google we’re committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability….'

http://geekcondition.com/

Juha-Matti Laurio [PersonRank 10]

15 years ago

BTW: this was expected..
