Please note this security issue has already been fixed by Google.
I thought this was odd that Google had a security hole due to the amount of cookie’s their users store on the computers. It seems that if someone wanted, they could trick gMail users into visiting a page on Google (I’m guessing a page on GooglePages) and grab all those cookies.
Since Google offers a ton of services that run off of your Google Account, I’m guessing there are different cookies for each service and all of them can be obtained to let a hacker:
- Get into my Google Docs & Spreadsheets application and read and modify documents I saved there
- Read subjects from my Gmail inbox, as well as the first few words of these emails, by adding a Gmail module to the Google
- Personalized Homepage
- View my Google Accounts page
- Enter my Google Reader
- Read my private Google Notebook
- View my complete Google search history (for as long as I had the search history feature enabled in Google)
However, the user could not read an entire E-Mail or view the events in a calendar or change the master account password (if they were, it would be a much bigger deal).
Technorati Tags: security, Google, Gmail
Leave a Reply
Subscribe to Modern SEO News
Sponsors
Blogroll
Resources
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| « Jul | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
Blog Categories
Monthly Archives
By Month
- July 2008 (1)
- October 2007 (2)
- August 2007 (3)
- July 2007 (3)
- June 2007 (5)
- May 2007 (6)
- April 2007 (8)
- March 2007 (7)
- February 2007 (15)
- January 2007 (34)
- December 2006 (26)
- November 2006 (10)
- October 2006 (29)
- September 2006 (39)
- August 2006 (65)
- July 2006 (5)
- April 2006 (17)
- March 2006 (44)
- February 2006 (16)
- January 2006 (130)
Subscribe Feeds
