Slashdot Mirror


Gmail Accounts Vulnerable to XSS Exploit

mallumax writes "A security hole in GMail has been found (an XSS vulnerability) which allows access to user accounts without authentication. What makes the exploit worse is the fact that changing passwords doesn't help. The full details of the exploit haven't been disclosed. The vulnerability was reported by Israeli news site Nana. They were tipped off by an Israeli hacker. Google has been notified and they are working to close the hole. The Register has the story here."

8 of 232 comments (clear)

  1. Oh no! by scaaven · · Score: 5, Funny

    My google stock. My poor google stock!

    --
    I know I'm going to be modded up on this
  2. Oh my god! by Zangief · · Score: 5, Funny

    Maybe some hacker will make a program to break into every gmail account, read their mail, and send them ads about what people are talking about in mails!!!

  3. sweet grapes by yahyamf · · Score: 5, Funny

    I waited so long to get a Gmail account, I don't care if it sucks now... I also like Doom3...

  4. I must do my part to help. by teamhasnoi · · Score: 5, Funny

    The first person to fix the exploit will get a FREE GMAIL INVITE!

  5. Good thing they are still in beta. by bill_kress · · Score: 5, Funny

    They caught this problem in beta, just as should be done! Bravo!

    Brings some true professionalisim to an industry where companies actually ship/sell products with bugs like this all the time.

  6. Wives by mekanizer · · Score: 5, Funny

    Time to read our wives e-mail to see if they are cheating or something.

  7. Re:I got it by Anonymous Coward · · Score: 5, Funny

    Yeah, I agree. Your gmail account is the best mail I've ever used.

    - Anonymous Cookie monster

  8. Re:Now everybody,not just Google,can read your ema by iMaple · · Score: 5, Funny

    what's the difference if a few Hackers get a hold of your account?

    You know its not just as simple as you think. I mean I dont care if a few hackers read my email, but what if they decide to use sensitive info in it or delete it.

    I run an e-business from Nigeria and earn some money in the process. People email me their bank account numbers, creditcard numbers ,SSNs and what not (I am creative). Now if some immoral hacker got hold of that data , the poor users would be duped twice, and I would feel really bad abt it (I mean I could have got twice the money myself if I wanted). So I request Gmail to help the Nigerian revolution and our fight against AIDS and dictators and fix the bug as soon as possible.