Aviran Posted January 13, 2005 Share Posted January 13, 2005 New security flaw in Google?s price comparison engine, Froogle, was discovered by an Israeli hacker. By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user?s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user?s cookie, which contains personal information, such as purchase history, user name and password for Google services. Source Link to comment Share on other sites More sharing options...
Slimy Posted January 13, 2005 Share Posted January 13, 2005 :pinch: oh well hope google will fix this asap Link to comment Share on other sites More sharing options...
APL88 Posted January 13, 2005 Share Posted January 13, 2005 This is good for me if I can find out how, so I can get the passwrod back from my old acount, which is teh same password for an old s/n i cant get onto. Link to comment Share on other sites More sharing options...
Joey992 Posted January 14, 2005 Share Posted January 14, 2005 I always used pricegrabber or pricewatch but it still sucks. OT: nice sig APLardi Link to comment Share on other sites More sharing options...
figgy Posted January 14, 2005 Share Posted January 14, 2005 Oh wow! I am definetly curious how a simple javascript can cause exposure of gmail accounts. Link to comment Share on other sites More sharing options...
Coolme Posted January 14, 2005 Share Posted January 14, 2005 Oh wow!I am definetly curious how a simple javascript can cause exposure of gmail accounts. 585290824[/snapback] Gmail is written fully in JavaScript Link to comment Share on other sites More sharing options...
kainashi Posted January 14, 2005 Share Posted January 14, 2005 hope google fixes this soon. i just used froogle earlier too. :( Link to comment Share on other sites More sharing options...
matt74441 Posted January 14, 2005 Share Posted January 14, 2005 Gmail is written fully in JavaScript 585290900[/snapback] Not entirely, the interface uses a lot of JavaScript. You can't make a webmail with 100% client-side code. Link to comment Share on other sites More sharing options...
Lare2 Posted January 14, 2005 Share Posted January 14, 2005 :/ Link to comment Share on other sites More sharing options...
Xer34 Posted January 14, 2005 Share Posted January 14, 2005 Yikes. Hoping they fix it ASAP. Link to comment Share on other sites More sharing options...
Fedorpheux Posted January 14, 2005 Share Posted January 14, 2005 well, now we know why gmail is still officially beta :laugh: Link to comment Share on other sites More sharing options...
Malisk Posted January 14, 2005 Share Posted January 14, 2005 well, now we know why gmail is still officially beta Just to clarify, the problem isn't in Gmail, it's in Froogle. The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie. Link to comment Share on other sites More sharing options...
the_snitch Posted January 14, 2005 Share Posted January 14, 2005 Just to clarify, the problem isn't in Gmail, it's in Froogle.The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie. 585291922[/snapback] Ok then...now we know why Froogle is still in Beta. Link to comment Share on other sites More sharing options...
ZZOOzzoo Posted January 14, 2005 Share Posted January 14, 2005 Ok then...now we know why Froogle is still in Beta. 585291936[/snapback] :p Link to comment Share on other sites More sharing options...
Guest FaX Posted January 14, 2005 Share Posted January 14, 2005 how do I do this ive lost my passowrd to my other gmail account :s Link to comment Share on other sites More sharing options...
TimRogers Posted January 14, 2005 Share Posted January 14, 2005 This is not bad, because I dont use Froogle! Link to comment Share on other sites More sharing options...
Pwnadog Posted January 14, 2005 Share Posted January 14, 2005 Like... thats EVIL :p Link to comment Share on other sites More sharing options...
Ranhoca Posted January 14, 2005 Share Posted January 14, 2005 sh** happens :p :D Anyway, this kind of bug is not a big deal, there is a lot of php freescript with this kind of bug, it was (and sometimes it IS) relly easy to steal a cookie from forum or anything else. And the problem is not only in the free script, but also in forum like vbulletim etc... I sure that froggle will corect this bug very soon... It's a matter of time. *** sorry for my crappy english. Link to comment Share on other sites More sharing options...
GatorV Posted January 14, 2005 Share Posted January 14, 2005 Good that I don't use froogle.. Link to comment Share on other sites More sharing options...
reset Posted January 14, 2005 Share Posted January 14, 2005 i like froogle but ive been using the yahoo shopping search more and more lately. to me, the interface just seems more intuitive. my 2 cents Link to comment Share on other sites More sharing options...
galoosh33 Posted January 14, 2005 Share Posted January 14, 2005 I use both Froogle and Gmail, hope they would get it fixed soon. Link to comment Share on other sites More sharing options...
rob2090 Posted January 14, 2005 Share Posted January 14, 2005 how do I do this ive lost my passowrd to my other gmail account :s 585292154[/snapback] Start searching on Google ... :shifty: Link to comment Share on other sites More sharing options...
APL88 Posted January 14, 2005 Share Posted January 14, 2005 same for me cant find it tho Link to comment Share on other sites More sharing options...
Alien Venom Posted January 14, 2005 Share Posted January 14, 2005 Just to clarify, the problem isn't in Gmail, it's in Froogle. Actually, it's both. The idea is to create secure products. That includes making it secure to any other programs (or scripts) installed on the system and from other users on the system. Link to comment Share on other sites More sharing options...
Mx Posted January 14, 2005 Share Posted January 14, 2005 Google will fix it asap, hopefully. Link to comment Share on other sites More sharing options...
Recommended Posts