TulipTools Internet Business Owners and Online Sellers Community

Quote:Using a form of cross scripting, it becomes easy to steal a GMail user’s contact list if they visit a certain type of website. The only condition is you have to be logged in to GMail at the time of the attack. GMail is setup to store your contact list in javascript files, which is the core problem. If you log into your GMail account, and click here, you’ll see your contact’s details, along with their email. I've tried the hack on IE7, Opera, and Firefox; it appears to be working on all three. To see a demonstration of the attack, login to your GMail account and go to this website. I don’t know for sure if the list is being saved or not, so browse at your own risk. According to the website they aren’t saving the data.

Something worth noting is that the email it claims is yours, is never yours...

Quote:Google has fixed a security hole in several of its services that exposed the address books of Gmail users...

Chen alerted Google over the holiday weekend. Heather Adkins, an information security manager at Google, confirmed the company heard about the Google Video issue and fixed it within hours. The search giant later learned that the same problem also impacted other services and resolved those issues within a day, she said.

Adkins said in an emailed statement: "To our knowledge, no one exploited the vulnerability and no users were impacted."...