Archived

This topic is now archived and is closed to further replies.

Serious flaw in Froogle Reveals Gmail Accounts

Recommended Posts

Aviran    0

New security flaw in Google?s price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user?s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user?s cookie, which contains personal information, such as purchase history, user name and password for Google services.

Source

Share this post


Link to post
Share on other sites
Slimy    12

:pinch: oh well hope google will fix this asap

Share this post


Link to post
Share on other sites
APL88    0

This is good for me if I can find out how, so I can get the passwrod back from my old acount, which is teh same password for an old s/n i cant get onto.

Share this post


Link to post
Share on other sites
Joey992    0

I always used pricegrabber or pricewatch but it still sucks.

OT: nice sig APLardi

Share this post


Link to post
Share on other sites
figgy    2

Oh wow!

I am definetly curious how a simple javascript can cause exposure of gmail accounts.

Share this post


Link to post
Share on other sites
Coolme    0
Oh wow!

I am definetly curious how a simple javascript can cause exposure of gmail accounts.

585290824[/snapback]

Gmail is written fully in JavaScript

Share this post


Link to post
Share on other sites
kainashi    7

hope google fixes this soon. i just used froogle earlier too. :(

Share this post


Link to post
Share on other sites
matt95110    2
Gmail is written fully in JavaScript

585290900[/snapback]

Not entirely, the interface uses a lot of JavaScript. You can't make a webmail with 100% client-side code.

Share this post


Link to post
Share on other sites
Lare2    7

:/

Share this post


Link to post
Share on other sites
Xer34    0

Yikes. Hoping they fix it ASAP.

Share this post


Link to post
Share on other sites
Fedorpheux    0

well, now we know why gmail is still officially beta

:laugh:

Share this post


Link to post
Share on other sites
Malisk    127
well, now we know why gmail is still officially beta

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.

Share this post


Link to post
Share on other sites
the_snitch    0
Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.

585291922[/snapback]

Ok then...now we know why Froogle is still in Beta.

Share this post


Link to post
Share on other sites
ZZOOzzoo    0
Ok then...now we know why Froogle is still in Beta.

585291936[/snapback]

:p

Share this post


Link to post
Share on other sites
Guest FaX   

how do I do this ive lost my passowrd to my other gmail account :s

Share this post


Link to post
Share on other sites
TimRogers    0

This is not bad, because I dont use Froogle!

Share this post


Link to post
Share on other sites
Pwnadog    0

Like... thats EVIL :p

Share this post


Link to post
Share on other sites
Ranhoca    0

sh** happens :p

:D

Anyway, this kind of bug is not a big deal, there is a lot of php freescript with this kind of bug, it was (and sometimes it IS) relly easy to steal a cookie from forum or anything else. And the problem is not only in the free script, but also in forum like vbulletim etc...

I sure that froggle will corect this bug very soon... It's a matter of time.

*** sorry for my crappy english.

Share this post


Link to post
Share on other sites
GatorV    1

Good that I don't use froogle..

Share this post


Link to post
Share on other sites
reset    0

i like froogle but ive been using the yahoo shopping search more and more lately. to me, the interface just seems more intuitive. my 2 cents

Share this post


Link to post
Share on other sites
galoosh33    0

I use both Froogle and Gmail, hope they would get it fixed soon.

Share this post


Link to post
Share on other sites
rob2090    2
how do I do this ive lost my passowrd to my other gmail account :s

585292154[/snapback]

Start searching on Google ... :shifty:

Share this post


Link to post
Share on other sites
APL88    0

same for me cant find it tho

Share this post


Link to post
Share on other sites
Alien Venom    0
Just to clarify, the problem isn't in Gmail, it's in Froogle.

Actually, it's both.

The idea is to create secure products. That includes making it secure to any other programs (or scripts) installed on the system and from other users on the system.

Share this post


Link to post
Share on other sites
Mx    0

Google will fix it asap, hopefully.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.