Slashdot Mirror


GMail Vulnerable To Contact List Hijacking

Anonymous Coward writes "By simply logging in to GMail and visiting a website, a malicious website can steal your contact list, and all their details. The problem occurs because Google stores the contact list data in a JavaScript file. So far the attack only works on Firefox, and doesn't appear to work in Opera or Internet Explorer 7. IE6 was untested as of now."

9 of 139 comments

  1. Phew! by sorrill · · Score: 4, Funny

    We are lucky it was not Microsoft's Hotmail!

  2. Thank goodness by messner_007 · · Score: 4, Funny

    Thank goodness. I was beginning to think that no one cared about my contacts.

  3. Re:Why do I bother with this site? by Headcase88 · · Score: 5, Funny

    I could do nice armchair job at Slashdot.

    Not with that sentence structure. You only made one grammar error. You could never be a /. editor.
    --
    "When the atomic bomb goes off there's devastation...but when the atomic bong goes off there's celebraaaaation!"

  4. Wow! by repruhsent · · Score: 2, Funny

    I'm glad that I run Firefox on Linux!

    Oh wait...

  5. Re:Submitter has a problem with Firefox? by islanduniverse · · Score: 3, Funny

    I'm glad I've switched back to IE7!

  6. Re:Submitter has a problem with Firefox? by MobileTatsu-NJG · · Score: 1, Funny

    "Does the submitter have some agenda against Firefox?"

    Nah, it was just a gag to get ppl to RTFA.

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  7. GMail is beta by asCii88 · · Score: 2, Funny

    You shouldn't be surprised... as you all know GMail is still in beta.

  8. Re:Works in most any java-script browser by thopkins · · Score: 2, Funny

    Most users on Slashdot won't click any links, especially links for the articles on which they are about to comment. ;)

  9. Re:Which is the problem? by Anonymous Coward · · Score: 2, Funny

    Uhhh... you should be thanking these "bozos" for releasing the exploit so it can be fixed, tough-programmer-guy. If your programmer friends are such l337 d00ds then maybe they'd find and fix some of these exploits themselves, instead of being blindly vulnerable until some "bozos" save their ass. BTW, what does being a programmer have to do with being able to "retaliate" against some obviously much smarter programmers? Gonna send them some code? Gonna do a double compile on their bitch asses?

    Why don't you ask your l337 h@X0r buddies to just look at the code. Then you'd see how the vulnerability works, and what information it can retrieve. Though I don't know if the code will look right when they try to open it in VB.