|
Data Security Viruses, Firewalls and Safe computing |
![]() |
| LinkBack | Thread Tools | Rate Thread |
| ||||
Security hole found in Gmail According to: http://net.nana.co.il/Article/?ArticleID=155025&sid=10 a major security flaw allows full access to a user's account.
__________________ When the world will be better. |
| ||||
Good thing I don't really use mine all that much then eh? ![]() Rob
__________________ Taking each day as it comes Grow, learn and OVERCLOCK. Need help?? Ask me. Your Mommy!! (Aug/02) Welcome to the fold. Buy it, Sell it, or Trade it in the AoA classifieds!! ![]() |
| |||
Er, how come they're picking on Gmail? The idea that stealing a cookie from someone's system and knowing their username is hardly a new one. Many webmail systems will happily allow you in if you have a valid session cookie. I know from personal testing that a number of other webmail systems simply require you to present a valid cookie to log you in. In terms of being able to obtain the cookie, it's usually easiest to use a flaw in a browser to obtain such information. Cross site scripting is also a good attack to use to obtain such information.
__________________ Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry). |
| ||||
![]() ![]() |
| |||
The Gmail attack is reliant on cross site scripting. Cross site scripting is where another site effectively "injects" some HTML code into the page you want to view. The code that is injected is commonly used to steal the session cookie. Session cookies are the reference that the web servers use to keep track of you! That said, I've never actually heard of someone sucessfully using a cross site scripting attack against a user except in a lab environment.
__________________ Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry). |
![]() |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Rate This Thread | |
| |
![]() | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft fixes biggest security hole | tevildo | OS, Software, Firmware, and BIOS | 8 | 6th December, 2006 11:35 AM |
Norton AntiSpam/Internet Security 2004 hole! | Áedán | Data Security | 0 | 23rd March, 2004 10:52 AM |
Big Windows NT/2000/XP security hole | Áedán | Data Security | 16 | 8th August, 2003 09:45 PM |
.NET security flaw found | nullCRC | OS, Software, Firmware, and BIOS | 4 | 17th February, 2002 04:14 PM |
GIANT security hole in Win 98 and ME, and XP | Daniel ~ | Random Nonsense! | 13 | 24th December, 2001 11:05 PM |