• Subcribe to Our RSS Feed

Google Gmail, Other Apps, Vulnerable To Attackers , Hackers

Oct 14, 2008 by     4 Comments    Posted under: Gooogle

Google Gmail, Other Apps, Vulnerable To Attackers The following news shocked me when I saw this, It has been reported that Google Gmail and other Google Application is prone to hackers.

Adrian ‘pagvac’ Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page — a fake login page in Pastor’s example — while the user’s browser address bar still displays the Google domain. This could dupe the user into entering login details.

"The beauty of frame injection attacks is that the attacker is able to impersonate a trusted entity without needing to bypass XSS/HTML filters or even break into the target server," Pastor explained on the GNUCitizen site.

In a related blog post on Friday, security researcher Aviv Raff explained that Google is vulnerable to "a cross-domain Web-application sharing security design flaw."

And According to the news this flaw has been seen since April and Google is not yet taking any action.

"Today, after not getting any further response from the Google security team about this issue, and after Adrian published his proof-of-concept, I’ve decided to reveal this information in a hope that this security design flaw will be fixed by Google as soon as possible," said Raff.

In reference to the proof-of-concept, a Google spokesperson said, "We’re aware of the potential for this kind of behavior when services are hosted across multiple domains, and we take steps to restrict it where we believe it may have security consequences."

Well Google has to explain this one on their official site, so that their E-mail user will feel comfortable on using their Free E-mail. And Did you know that E-mails can be tracked ?. So better keep a hard copy or printed copy of those E-mails that needs protection such as username and passwords that still resides in your mailbox. Better transfer it to your PC for safe keeping purpose. Better to that or be sorry later on. What if they hack our AdSense Earnings ? So Be Careful .

via www.informationweek.com

4 Comments + Add Comment

Got anything to say? Go ahead and leave a comment!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>