| |||||||
| Data Security Viruses, Firewalls and Safe computing |
 |
| | LinkBack | Thread Tools | Rate Thread |
30th October, 2004, 07:00 AM
| ||||
| ||||
| Security hole found in Gmail According to: http://net.nana.co.il/Article/?ArticleID=155025&sid=10 a major security flaw allows full access to a user's account.
__________________ When the world will be better.      |
|
30th October, 2004, 03:53 PM
| ||||
| ||||
| Good thing I don't really use mine all that much then eh?  Rob
__________________ Taking each day as it comes Grow, learn and OVERCLOCK. Need help?? Ask me. Your Mommy!! (Aug/02) Welcome to the fold. Buy it, Sell it, or Trade it in the AoA classifieds!!  |
|
30th October, 2004, 05:38 PM
| ||||
| ||||
| Just got one a few fays back, thanks to Mooky. I find it is very good for notifications from AOA, because it automatically threads messages. Still use my other account for more secure stuff. This is hosted by a small local company, so I feel it is more secure and I can contact the provider easily if needed. Gmail is still beta, so it is still in its test phase.
__________________ Desktop PC: AMD FX-8370E / Asus M5A99X Evo R2.0 Motherboard / 16GB DDR3 RAM / GeForce GTX 970  |
|
1st November, 2004, 10:36 AM
| |||
| |||
| Er, how come they're picking on Gmail? The idea that stealing a cookie from someone's system and knowing their username is hardly a new one. Many webmail systems will happily allow you in if you have a valid session cookie. I know from personal testing that a number of other webmail systems simply require you to present a valid cookie to log you in. In terms of being able to obtain the cookie, it's usually easiest to use a flaw in a browser to obtain such information. Cross site scripting is also a good attack to use to obtain such information.
__________________ Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry). |
|
1st November, 2004, 04:15 PM
| ||||
| ||||
  Can you explain that in detail ?
__________________ I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!  |
|
1st November, 2004, 05:17 PM
| |||
| |||
| The Gmail attack is reliant on cross site scripting. Cross site scripting is where another site effectively "injects" some HTML code into the page you want to view. The code that is injected is commonly used to steal the session cookie. Session cookies are the reference that the web servers use to keep track of you! That said, I've never actually heard of someone sucessfully using a cross site scripting attack against a user except in a lab environment.
__________________ Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry). |
|
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Rate This Thread | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Microsoft fixes biggest security hole | tevildo | OS, Software, Firmware, and BIOS | 8 | 6th December, 2006 11:35 AM |
| Norton AntiSpam/Internet Security 2004 hole! | Áedán | Data Security | 0 | 23rd March, 2004 10:52 AM |
| Big Windows NT/2000/XP security hole | Áedán | Data Security | 16 | 8th August, 2003 09:45 PM |
| .NET security flaw found | nullCRC | OS, Software, Firmware, and BIOS | 4 | 17th February, 2002 04:14 PM |
| GIANT security hole in Win 98 and ME, and XP | Daniel ~ | Random Nonsense! | 13 | 24th December, 2001 11:05 PM |
