TCH-Thomas 25 Posted October 30, 2004 Share Posted October 30, 2004 Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports. Full story: http://www.theregister.co.uk/2004/10/29/gmail_vuln/ Quote Link to post Share on other sites
youneverknow 0 Posted October 30, 2004 Share Posted October 30, 2004 Wow! Here is a quote from the article's link that seems to sum it up.... "This is a major threat, for the following reasons: First – the users have no way of protecting themselves. Second – it's quite easy to carry out, and third – it allows identity theft, which is nothing less than a serious danger to the victim". "On the bright side", he adds, "its a good thing that this hole was found now, before the service was officially announced and offered to millions of users world-wide. I reckon it's just a matter of time before an automatic tool is made, which would allow even the less computer-savvy people to exploit this hack. The damage, needless to say, could be huge" Is there a way, after all, to protect ourselves in the face of this danger? Elzam does not bear good news on the matter. "The only immediate solution that comes to mind is not using Gmail to store any messages or files that might be maliciously used. At least until Google attends to this problem" Thanks for the info... youneverknow Quote Link to post Share on other sites
Deverill 0 Posted October 30, 2004 Share Posted October 30, 2004 I did some research and found the original "whistleblower's" website at jibbering.com/2004/10/google.html He states at the top that Google has made some patches as of the 20th and his example asking for credit card numbers does not seem to be working in firefox OR IE. He states there may be other vulnerabilities but this one specifically seems to be taken care of. Never blindly trust anyone though. The truth is that anyone is at risk... my runbox account, yahoo, hotmail, aol, any ofthem could be compromised internally or externally and who'd know it. If it is a secret either encrypt it or keep it off the 'net. In my case, I don't have any secrets important enough for anyone to go to the efforts of stealing them other than my identity. Quote Link to post Share on other sites
TCH-Dick 25 Posted October 30, 2004 Share Posted October 30, 2004 Here is the original article http://net.nana.co.il/Article/?ArticleID=155025&sid=10 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.