Jump to content



Photo

Serious flaw in Froogle Reveals Gmail Accounts


  • Please log in to reply
33 replies to this topic

#1 Aviran

Aviran

    Neowinian

  • 57 posts
  • Joined: 11-August 04

Posted 13 January 2005 - 21:28

New security flaw in Google’s price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user’s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user’s cookie, which contains personal information, such as purchase history, user name and password for Google services.

Source


#2 Slimy

Slimy

    Ars + Neowin

  • 22,355 posts
  • Joined: 04-April 04

Posted 13 January 2005 - 21:36

:pinch: oh well hope google will fix this asap

#3 APL88

APL88

    Neowinian

  • 672 posts
  • Joined: 17-August 04
  • Location: Orange County, CA

Posted 13 January 2005 - 21:42

This is good for me if I can find out how, so I can get the passwrod back from my old acount, which is teh same password for an old s/n i cant get onto.

#4 Joey992

Joey992

    ************

  • 1,076 posts
  • Joined: 16-November 03
  • Location: VA

Posted 14 January 2005 - 04:22

I always used pricegrabber or pricewatch but it still sucks.

OT: nice sig APLardi

#5 figgy

figgy

    Neowinian Senior

  • 1,965 posts
  • Joined: 05-September 03
  • Location: Portland, OR, USA

Posted 14 January 2005 - 05:19

Oh wow!
I am definetly curious how a simple javascript can cause exposure of gmail accounts.

#6 Coolme

Coolme

    Neowinian

  • 1,237 posts
  • Joined: 05-July 03
  • Location: calgary

Posted 14 January 2005 - 05:37

Oh wow!
I am definetly curious how a simple javascript can cause exposure of gmail accounts.

View Post

Gmail is written fully in JavaScript

#7 kainashi

kainashi

    Neowinian Senior

  • 5,504 posts
  • Joined: 01-November 01
  • Location: Detroit, MI

Posted 14 January 2005 - 06:05

hope google fixes this soon. i just used froogle earlier too. :(

#8 matt95110

matt95110

    Neowinian Senior

  • 7,900 posts
  • Joined: 24-July 03
  • Location: Toronto, Ontario

Posted 14 January 2005 - 06:12

Gmail is written fully in JavaScript

View Post

Not entirely, the interface uses a lot of JavaScript. You can't make a webmail with 100% client-side code.

#9 Lare2

Lare2

    Info Seeker

  • 2,690 posts
  • Joined: 07-August 04
  • Location: Texas, USA

Posted 14 January 2005 - 06:25

:/

#10 Xer34

Xer34

    Spiral Out

  • 3,337 posts
  • Joined: 20-November 03
  • Location: Orlando, FL

Posted 14 January 2005 - 06:27

Yikes. Hoping they fix it ASAP.

#11 Fedorpheux

Fedorpheux

    Neowinian Senior

  • 3,119 posts
  • Joined: 04-August 03
  • Location: Halfway to Canada by now...

Posted 14 January 2005 - 06:32

well, now we know why gmail is still officially beta
:laugh:

#12 Northgrove

Northgrove

    Philosophizing Developer

  • 9,877 posts
  • Joined: 29-December 02
  • Location: Sweden
  • OS: OS X 10.8
  • Phone: iPhone 5

Posted 14 January 2005 - 12:14

well, now we know why gmail is still officially beta

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.

#13 the_snitch

the_snitch

    Procrastinator

  • 1,213 posts
  • Joined: 18-April 04
  • Location: Neo Zealand

Posted 14 January 2005 - 12:23

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.

View Post


Ok then...now we know why Froogle is still in Beta.

#14 ZZOOzzoo

ZZOOzzoo

    Neowinian Senior

  • 3,922 posts
  • Joined: 01-June 04
  • Location: South Korea

Posted 14 January 2005 - 12:26

Ok then...now we know why Froogle is still in Beta.

View Post


:p

#15 Guest_FaX_*

Guest_FaX_*
  • Joined: --

Posted 14 January 2005 - 13:26

how do I do this ive lost my passowrd to my other gmail account :s