TulipTools Internet Business Owners and Online Sellers Community

Full Version: Gmail Cookie Vulnerability
Quote:Petko Petkov of "ethical hacking" group GNUCitizen has developed a proof-of-concept program to steal contacts and incoming e-mails from Google Gmail users.

"This can be used to forward all your incoming e-mail," Pure Hacking security researcher Chris Gatford said. "It's just a proof of concept at the moment, but what they're demonstrating is the potential to use this vulnerability for malicious purposes."

According to Gatford, attackers could compromise a Gmail account--using a cross-site scripting vulnerability--if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account...

full article: http://www.news.com/Gmail-cookie-vulnerability-exposes-users-privacy/2100-1002_3-6210353.html?part=rss&tag=2547-1_3-0-20&subj=news
Quote:-if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account...

I am not sure that I understand this. Does this mean that if you have your gmail acct open in one tab, and you click on a malicious link while browsing using another tab, they can then take over your account and forward the mail? Icon_scratch
[quote author=BellisimaJ. link=topic=16521.msg65215#msg65215 date=1191003299]
Quote:-if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account...

I am not sure that I understand this. Does this mean that if you have your gmail acct open in one tab, and you click on a malicious link while browsing using another tab, they can then take over your account and forward the mail? Icon_scratch
[/quote]

אָכֵן [Hebrew: "Indeed"]
Quote:אָכֵן [Hebrew: "Indeed"]

Um, jez................. Laughing7
[quote author=BellisimaJ. link=topic=16521.msg65215#msg65215 date=1191003299]
Quote:-if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account...

I am not sure that I understand this. Does this mean that if you have your gmail acct open in one tab, and you click on a malicious link while browsing using another tab, they can then take over your account and forward the mail? Icon_scratch
[/quote]

If you're logged into gmail you're vulnerable if you click on a malicious link in an email or web page.
Thanks Rose.  Smile That means I can no longer leave a tab with a gmail account open throughout the day.  Tongue2
[quote author=BellisimaJ. link=topic=16521.msg65255#msg65255 date=1191175820]
Thanks Rose.  Smile That means I can no longer leave a tab with a gmail account open throughout the day.  Tongue2
[/quote]


I already told you that. I clearly said yes in answer to your question BEFORE Rose swooped in after me to get all the praise and glory.  Doesn't anyone around this boinking place understand basic English  Hebrew? :twistedevil:


[quote author=jezebel link=topic=16521.msg65256#msg65256 date=1191183402]
[quote author=BellisimaJ. link=topic=16521.msg65255#msg65255 date=1191175820]
Thanks Rose.  Smile That means I can no longer leave a tab with a gmail account open throughout the day.  Tongue2
[/quote]


I already told you that. I clearly said yes in answer to your question BEFORE Rose swooped in after me to get all the praise and glory.  Doesn't anyone around this boinking place understand basic English  Hebrew? :twistedevil:

[/quote]



Ha! That only very vaguely resembles Hebrew!  And even if it were more recognizable, I couldn't friggin' read it, lol!!  Tongue3





Two years of Hebrew and I learned very little except for how to make Cantor angry because I talked too much, and not in Hebrew!! Happy001