A recently discovered bug (by me) in Gmail can expose your email address and your contact list to spammers.
I have notified the Google Security team this morning and the bug hasn't yet been fixed; looks like it needs some attention before Google will look deeper into it.
example: http://googlified.com.googlepages.com/contactlist.htm
digg it here: http://digg.com/security/Gmail_Bug_Your_Gmail_Contact_List_is_Being_Expose_to_Spammers |
Great find. Wonder how long it is before this gets fixed. I think I will log out of my Google Account until then. |
Doesn't seem to work here? I see no contact list on your page? |
This indeed works. But you should have given google more time to fix it. You're trading karma for hits here. |
It seems AJAX bug for pass one website to another. Give different user a different encryption for cookies only access at the user's own position can settle this. But will make the user feel difficult when travel from here to there.
Google tech based on the classic internet protocol, the bugs from the old protocol. I think Google have no way to settle them.
I also find a bug at Google Groups. At last, I know that is not Google's reason. It is SMTP's bug. Nobody can fix it. Or fix all. |
Now you've made the Diggers angry. Uh oh. |
It's really a MAJOR issue found by Haochi. Poor googlers who have to fix it since the first hour of the year... ;-) |
Haha, the Digg comments are really funny. :) |
There is a new report saying Google Security Team has fixed it already: "Serious Gmail vulnerability fixed" http://blogs.zdnet.com/Google/?p=434 |
Haochi, as you probably know by now, you got to give the Google security team more time than a couple of hours to get back to you (unless posting about the vulnerability doesn't help abusers, but only helps users). I guess something like a week or more is more realistic... |
31st Dec but not listed in this thread earlier. |
My post including the release date of ZDNet Blog entry is a reply to Ionut Alex. Chitu... |