Teenage Blogger Finds Gmail Hole
cpm80 wrote to mention the news that a 14-year-old blogger has identified a security hole in the Gmail webmail service. From the Network World article: "He wrote that he was trying to e-mail JavaScript code from a Yahoo account to a G-mail account. The code will run in a preview pane, he wrote. But if the code is mailed from one Gmail account to another, it is filtered out, he said. Some visitors to the blog reported being able to replicate the findings, but others said later that they were not able to and that the supposed flaw had been fixed."
SANS Internet Storm Center says it's fixed. Seems pretty silly.
you're all figments of my deranged imagination
I'm probably just very very dense, but ... out of the description, how is that a security hole?
Basically - you don't want someone to be able to send you javascript that will execute when you read a message. It can allow the attacker far too much leeway (within the confines of your browser).
Here's an (old) example that affected Microsoft's hotmail service that gives you an idea of why you don't want javascript sent to you to execute.
Less seriously - it makes it trivial for a spammer to verify that someone is opening their spam.
My pics.
Rename the extension of the ZIP file to .Z instead of .ZIP. GMail passes it right through, and WinZip (as well as many other Windows-based tools) will still see it as a ZIP file and give it the correct icon, minimizing confusion on the part of users.
This is one Gmail bug I see of late... I get mails with lots of pics in it forwarded by friends to my gmail account without a problem. However, when I forward it to any other email address [including to my own Gmail address], only the text appears & the pics don't (only rectangles with 'X' appear). I have been having this problem for the last 1 week or so only. Has any one of you come across such a problem too?
Why does yahoo do this