Google Vulnerability Trouble for Gmail Users
A vulnerability within are being used by hackers to steal contacts and incoming emails from Gmail Accounts - according to ZDNet
According to a security analyzer, Chris Gatford:
Attackers could compromise a Gmail account–using a cross-site scripting vulnerability–if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account.
I'm sure everyone's thinking that what could be worse than this. Well, unfortunately this issue is made worse because of Google's 2 year holding time for cookies and this means that if a hacker will gain 2 years worth of access if he/she managed to steal a cookie.
A work around has been suggested by ZDNet:
One work-around is to use Gmail through Firefox and disable JavaScript. While this limits user access to many components of popular Web sites, it will protect against the potential threat.
This vulnerability is definitely a bane to Gmail users. I hope Google are aware of this issue and fixes it immediately.
Popularity: 15%
