Gmail security flaw (the real reason not to use Gmail)

Discussion in 'Networking & Security' started by unit24, Nov 2, 2004.

  1. unit24

    unit24 Limp Gawd

    Messages:
    309
    Joined:
    Mar 27, 2002

    From a list I am on, It looks like there is a huge security flaw in Gmail.

    xxiv
    -------- Original Message --------
    Subject: Gmail exploit
    Date: Fri, 29 Oct 2004 20:26:54 -0400
    From: Adam Fields <politech0934859034@aquick.org>
    To: declan@well.com

    For Politech, if you like

    There's a Gmail exploit that allows an attacker to steal your Gmail cookie, which thereafter identifies them as you to the system, even if you change your password.

    This seems like a huge problem for Google, above and beyond the actual security breach. Remember that Gmail uses the same unlimited lifetime Google cookie. The data in that cookie is, presumably, extremely valuable for their tracking efforts, and I'd guess that this will be difficult for them to fix in a way that maintains that.

    I've blogged this:

    http://www.aquick.org/blog/index.php?p=135
     
  2. Slide

    Slide n00b

    Messages:
    18
    Joined:
    Jun 9, 2004
    Google fixed the flaw the day they found out about it. UnixFormula.com posted a little ditty about it. How is that for a turn-around time on a security flaw? Security flaws will be found, the question is how fast they are responded to. Plus, if a website suddenly redirected me to my gmail account, I would become extremely suspicious.