I know this exploit was a problem 2 years ago but I thought Google had a solution? |
This post is related: http://www.davidairey.com/google-gmail-security-hijack/ (Dec. 2007) |
i thought it was fixed then... is it still working??? |
I'm not familiar with this. Is this an unpatched hole, or a new version based off an old exploit? |
That vulnerability reported in Dec '07 had so much media attention that it's very difficult to believe it as unpatched today. |
I believe the 2007 issue was fixed. What's strange is that the new post on geekcondition.com boils down to an unmentioned way of stealing cookies. I believe some Googlers were trying to contact Brandon soon after his post for more info, but haven't yet heard back. Hopefully we'll hear back soon and can check it out though. |
(Update: Added Matt's comments in the post.) |
That's what is confusing me, even though the ways to coopt the filters feature is interesting. It all hinges on a malicious script accessing private authentication cookies, and does not explain how this is possible? |
Michael Chelen, good point. The Gmail team looked into it and it looks like it was actually phishing. |
Now Geek Condition guys are linking to the official response:
'OFFICIAL UPDATE FROM GOOGLE:
Gmail Security and Recent Phishing
We’ve seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners’ domains by unauthorized third parties. At Google we’re committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability….'
http://geekcondition.com/ |