AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > Data Security

Data Security Viruses, Firewalls and Safe computing


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 30th October, 2004, 07:00 AM
cloasters's Avatar
Asst. BBS Administrator
 
Join Date: September 2001
Location: Location, Location
Posts: 21,956

Security hole found in Gmail

According to: http://net.nana.co.il/Article/?ArticleID=155025&sid=10 a major security flaw allows full access to a user's account.
__________________
When the world will be better.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 30th October, 2004, 03:53 PM
robbie's Avatar
AOA Staff
 
Join Date: November 2001
Location: Out in the desert of Ca.
Posts: 12,548
Send a message via AIM to robbie Send a message via MSN to robbie Send a message via Yahoo to robbie Send a message via Skype™ to robbie

Good thing I don't really use mine all that much then eh?
Rob
__________________
Taking each day as it comes
Grow, learn and OVERCLOCK. Need help?? Ask me.
Your Mommy!! (Aug/02) Welcome to the fold.
Buy it, Sell it, or Trade it in the AoA classifieds!!
AOA Team fah
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 30th October, 2004, 05:38 PM
danrok's Avatar
AOA Staff
 
Join Date: March 2003
Location: Great Britain
Posts: 18,917

Just got one a few fays back, thanks to Mooky.

I find it is very good for notifications from AOA, because it automatically threads messages.

Still use my other account for more secure stuff. This is hosted by a small local company, so I feel it is more secure and I can contact the provider easily if needed.

Gmail is still beta, so it is still in its test phase.
__________________
Desktop PC: AMD FX-8370E / Asus M5A99X Evo R2.0 Motherboard / 16GB DDR3 RAM / GeForce GTX 970
AOA Team fah
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 1st November, 2004, 10:36 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Er, how come they're picking on Gmail? The idea that stealing a cookie from someone's system and knowing their username is hardly a new one. Many webmail systems will happily allow you in if you have a valid session cookie. I know from personal testing that a number of other webmail systems simply require you to present a valid cookie to log you in.

In terms of being able to obtain the cookie, it's usually easiest to use a flaw in a browser to obtain such information. Cross site scripting is also a good attack to use to obtain such information.
__________________
Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 1st November, 2004, 04:15 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Wink

Can you explain that in detail ?
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 1st November, 2004, 05:17 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

The Gmail attack is reliant on cross site scripting. Cross site scripting is where another site effectively "injects" some HTML code into the page you want to view. The code that is injected is commonly used to steal the session cookie. Session cookies are the reference that the web servers use to keep track of you!

That said, I've never actually heard of someone sucessfully using a cross site scripting attack against a user except in a lab environment.
__________________
Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft fixes biggest security hole tevildo OS, Software, Firmware, and BIOS 8 6th December, 2006 11:35 AM
Norton AntiSpam/Internet Security 2004 hole! Áedán Data Security 0 23rd March, 2004 10:52 AM
Big Windows NT/2000/XP security hole Áedán Data Security 16 8th August, 2003 09:45 PM
.NET security flaw found nullCRC OS, Software, Firmware, and BIOS 4 17th February, 2002 04:14 PM
GIANT security hole in Win 98 and ME, and XP Daniel ~ Random Nonsense! 13 24th December, 2001 11:05 PM


All times are GMT +1. The time now is 11:45 AM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0