[ news_security_news ]
Vulnerabilities In Gmail
John Stith
Staff Writer
2006-03-02
 Insider Reports RSS Feed
A lad named Anthony, 14, claimed to have found a vulnerability in Google's email service, Gmail. According to his blog he found a problem with javascript running within the preview of the message.
He was trying to email javascript from his Yahoo account to his Gmail account and came across the vulnerability. He said he only tested sending from a Yahoo account because sending from Gmail to Gmail filters out the problem. He posted the details on his Ph3rny's blog:
This is what the message has to compose of
· A short subject to increase the amount of code to run
· A short bit of text in the body so that the code isn't treated as quoted text
· And your code
He suggested the email could be used to gather email addresses or possibly even compromise the account. Commenters on his blog reaffirmed they had duplicated the process as well.
Apparently though, Google has corrected the problem although they've not said much. They did issue a small statement:
In the interest of minimizing the impact that security vulnerabilities have on our end users, we highly encourage anyone who discovers a vulnerability in a Google product or service to follow responsible disclosure policies by contacting us first at security@google.com.
In any event, the vulnerabilities are obviously there. Sometimes people sort of luck into them like Anthony and sometimes they are purposely found. Proof postive that even the most cautious coders do occasionaly have mistakes in their code and one more reason people can't rely on the various services to protect them from problems. People need to take an active interest in their own security.
Get all the updates - click this link: 
Tag: Gmail
Add to | DiggThis| Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
