Gmail security flaw? not that threatening..

Today we saw a post by Brandon at Geek Condition describing a Gmail security flaw: an attacker who has your cookies can force your account to create filters, and so have your email forwarded to them. One said this exploit is the cause behind the few complaints of GoDaddy users losing their domains for no apparent reason. It is true though.

Brandon goes on to demonstrate how it works. Basically it comes down to being careless, either by visiting malicious websites or by having malware in the neighborhood; in the end, you have to let 'em eat your cookies first.

Yes, this is a serious security flaw and yes, Google must have patched it by now, if not, they're about to, but anyway, it's simple and can be easily prevented by using, as suggested, the NoScript addon for Mozilla Firefox (gets you a fine new layer between an attack script and your beloved cookie), or at least by being nice and logging out at the end of each session.

For those of you who are curious, here's the proof of concept URL by Brandon:
Gmail Security Flaw Concept
