Gmail accounts 'wide open to exploit' - report

Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports. The security flaw allows full access to users' accounts, with no need of a password, Israeli news site Nana says.

Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed. Following up a tip from an Israeli hacker, journos from the site confirmed the attack and verified the exploit with local security firm Aladdin Knowledge Systems.

News source: The Register

Report a problem with article
Previous Story

Simpler ID management readied by Microsoft

Next Story

Google Plans Desktop Search Tool for Apple PCs

0 Comments - Add comment