This blog is about gmail-lite, gmail-mobile, and other Gmail-related web application projects

Gmail security hole found and fixed

A bug in Gmail has been found which, if abused, could give you access to any account. The bug was discovered on 14 Oct by Anelkaos of elhacker.net. Anelkaos reported it to Google, which then fixed the bug 4 days later.

I had a very quick look at the hacking procedure. If I understand it correctly, it involves using a victim’s partial "authentication string" - something like a session ID or the long, seemingly random string you can sometimes see in URLs - to fool Gmail into believing that you were logged in as the victim. The procedure looks complicated, but can definitely be eased by a script or something.

Anyhow, it is good that Google has fixed it rather quickly.
