In association with heise online

27 September 2007, 13:09

Message theft in Google Mail

Petko Petkov (pdp) warns of a security hole in Google Mail. Compromised websites that a Google Mail user visits during a webmail session may change the account's filter settings, so that incoming and outgoing mail may be copied to third parties. This type of attack is known as cross-site request forgery (CSRF) or session riding.

Once set up, the filter remains active even after the user has logged out and enables complete observation of the user's email activity. Petkov has again declined to expose the exact nature of the threat - he has also not been forthcoming with details about the PDF reader security breach. He says he will provide details once Google has found a solution to the problem. On Tuesday, a further vulnerability in Google's photo organiser software Picasa was found. This has not yet been patched either.

(mba)
