Google Fixes Gmail Vulnerability

By theWHIR.com, October 01, 2007

October 1, 2007 -- (WEB HOST INDUSTRY REVIEW) -- Web analytics firm Netcraft (netcraft.com) reported this weekend that search engine giant Google (google.com) has fixed a vulnerability in its Gmail Web-based email service. Netcraft says the vulnerability would have allowed Internet attackers to steal mail messages from users without being noticed.

The attack technique known as Cross-site Request Forgery works by forcing a logged-in user to add a mail filter to his Gmail account, allowing his mail to be forwarded to an external mail address controlled by the attacker. The analytics firm says that because Gmail doesn't adequately verify the origin of such requests, it's possible for attackers to create their own Web pages using JavaScript to automatically make these kinds of requests on behalf of their victims. Since the results of the request are hidden, it's unlikely that a victim will have noticed that his Gmail account has been compromised, particularly if he has left Gmail open while browsing the Internet.
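The origin verification the paragraph above says was missing, as an added example (not code from Google, Netcraft or this article): a server-side check that rejects a state-changing request unless it comes from the site's own origin and carries a session-bound token. The origin `https://mail.example.com`, the `csrf_token` field name, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Assumed values for this sketch; none of them come from the article.
TRUSTED_ORIGIN = "https://mail.example.com"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session_secret: bytes, session_id: str) -> str:
    """Token the server embeds in its own forms, bound to one session."""
    return hmac.new(session_secret, session_id.encode(), hashlib.sha256).hexdigest()


def source_origin(headers: dict) -> Optional[str]:
    """scheme://host[:port] taken from Origin, falling back to Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value or value == "null":
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method, headers, form, session_secret, session_id):
    """Return (allowed, reason) for a request that carries the session cookie."""
    if method.upper() not in STATE_CHANGING:
        # Only valid if settings changes (e.g. adding a filter) never use GET.
        return True, "safe method"
    origin = source_origin(headers)
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, f"cross-site origin {origin}"
    # Headers can be absent, so the token check always runs as well.
    expected = issue_token(session_secret, session_id)
    supplied = str(form.get("csrf_token", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    secret, sid = b"constructed-demo-secret", "session-123"  # constructed sample data
    good = {"action": "add_filter", "csrf_token": issue_token(secret, sid)}
    print(check_request("POST", {"Origin": "https://attacker.example"}, {"action": "add_filter"}, secret, sid))
    print(check_request("POST", {"Origin": TRUSTED_ORIGIN}, good, secret, sid))
```

A page on another site cannot read the token out of the victim's session, so the request it triggers fails the second check even when the browser sends no Origin or Referer header.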

Netcraft says compromised webmail accounts are regarded as a valuable commodity by hackers as they often contain information that could help them gain unauthorized access to other systems, such as Internet banking, and to harvest credit card details from online stores used by the victim.

Cross-site Request Forgery vulnerabilities are often difficult to identify using automated tools and typically require testing by security-aware developers, says the analytics firm.

Netcraft also recently reported that INetU, New York Internet and Acens are the most reliable hosting company sites for August 2007, followed closely by Easynet, iPowerWeb and Go Daddy.
