Huh. That site you linked reads a bit like a personal/apocryphal tale of woe. IOW, take it with a grain of salt. It's a personal experience, not a CVE bulletin.
I see my wisdom in not having any dealings with Google's "Free mail if we get to mine it for anything we want and send you and your friends spam" service was correct.
(no subject)
Date: 2007-12-27 06:57 pm (UTC)
But at any rate, this is exactly why you need several extensions to Firefox like Adblock, Greasemonkey, CustomizeGoogle, and (most importantly) NoScript. I have thought, in the past, that perhaps NoScript was overkill but then you read about stuff like this that NoScript almost always will stop, and then I realize it's really better to have it.
Adblock and Greasemonkey are now available for the Firefox-based MicroB browser on my Internet tablet, if they'd add NoScript to the webaddons project it would be perfect. :)
(no subject)
Date: 2007-12-27 07:23 pm (UTC)
(no subject)
Date: 2007-12-27 07:24 pm (UTC)
Uh, that's not what happened here.
(no subject)
Date: 2007-12-27 08:05 pm (UTC)
(no subject)
Date: 2007-12-27 08:12 pm (UTC)
http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
If (and this is a BIG if) Google could have done anything differently, they might have modified Gmail so that it is a little stricter about checking the referrer on a form submission. They've apparently done this now, because the exploit no longer works.
Really, the moral of the story here is to be careful what sites you visit.
Though, I'd like to see a Firefox plugin that more carefully guards against cross-site form submissions.
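The stricter referrer check suggested in the comment above, sketched as a server-side function. This is an added example, not part of the original thread and not Google's code; the host `mail.example.com`, the `TRUSTED_ORIGINS` set and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only origin this application serves its own forms from.
TRUSTED_ORIGINS = {("https", "mail.example.com", 443)}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin_of(url):
    """Return (scheme, host, port) for an absolute URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or netloc
        return None
    if not parts.hostname or port is None:
        return None
    return (parts.scheme, parts.hostname.lower(), port)


def is_same_site_submission(method, headers):
    """Decide whether a form submission came from one of our own pages.

    Prefers Origin, falls back to Referer, and rejects a state-changing
    request that carries neither header (fail closed).
    """
    if method.upper() not in STATE_CHANGING:
        return True  # safe methods must not change state in the first place
    headers = {k.lower(): v for k, v in headers.items()}
    source = headers.get("origin") or headers.get("referer")
    if not source or source == "null":
        return False
    # Compare the parsed origin exactly. A prefix or substring match would
    # accept hosts such as mail.example.com.attacker.test.
    return _origin_of(source) in TRUSTED_ORIGINS
```

Header checks like this are usually paired with a per-session anti-CSRF token in the form, because some clients and proxies strip the Referer header and a fail-closed check then blocks legitimate users.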
(no subject)
Date: 2007-12-27 08:21 pm (UTC)
*points to his earlier comment about NoScript*
damnit
Date: 2007-12-28 01:12 am (UTC)
Re: damnit
Date: 2007-12-28 01:15 am (UTC)
Would that explain the zombie porn that just showed up in my inbox?