A vulnerability is being used by hackers to steal contacts and incoming emails from Gmail accounts, according to ZDNet.
According to a security analyst, Chris Gatford:
Attackers could compromise a Gmail account–using a cross-site scripting vulnerability–if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account.
I'm sure everyone's wondering what could be worse than this. Well, unfortunately, this issue is made worse by Google's 2-year holding time for cookies, which means that a hacker will gain 2 years' worth of access if he/she manages to steal a cookie.
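To check a site of your own for the two conditions described above (a session cookie that page script can read, and a lifetime measured in years), the following added example audits Set-Cookie headers; it is not code from ZDNet or Google. The 14-day limit, the cookie names and the sample headers are assumptions constructed for illustration, and HttpOnly is the standard cookie flag that hides a cookie from page script.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 14  # assumed policy limit, not a value from the article

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def lifetime_days(attrs, now):
    """Days until expiry; None for a browser-session cookie. Max-Age wins over Expires."""
    if "max-age" in attrs:
        return int(attrs["max-age"]) / 86400
    if "expires" in attrs:
        return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds() / 86400
    return None

def audit(headers, now):
    """Return {cookie name: [findings]} for cookies that would prolong a theft."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        findings = []
        if "httponly" not in attrs:
            findings.append("readable by page script (no HttpOnly)")
        days = lifetime_days(attrs, now)
        if days is not None and days > MAX_LIFETIME_DAYS:
            findings.append(f"valid for {days:.0f} days")
        if findings:
            report[name] = findings
    return report

# Constructed sample headers (hypothetical names and values, not captured from Gmail).
NOW = datetime(2007, 10, 10, tzinfo=timezone.utc)
SAMPLE = [
    "SID=abc123; Path=/; Expires=Sat, 10 Oct 2009 00:00:00 GMT",
    "SESSION=def456; Path=/; Max-Age=3600; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, problems in audit(SAMPLE, NOW).items():
        print(cookie, "->", "; ".join(problems))
```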
A workaround has been suggested by ZDNet:
This vulnerability is definitely a bane to Gmail users. I hope Google is aware of this issue and fixes it immediately.
Originally posted 2007-10-10 13:43:16.