Slashdot Mirror


GMail Vulnerable To Contact List Hijacking

Anonymous Coward writes "By simply logging in to GMail and visiting a website, a malicious website can steal your contact list, and all their details. The problem occurs because Google stores the contact list data in a Javascript file. So far the attack only works on Firefox, and doesn't appear to work in Opera or Internet explorer 7. IE6 was un-tested as of now."

4 of 139 comments (clear)

  1. Makes me glad I switched back to IE7 by Anonymous Coward · · Score: -1, Troll

    Firefox has become a bloated mess, the developers are incompetent and the open source model has been proven inefficient and insecure.

    Get it here: http://www.microsoft.com/windows/ie/

  2. you insEn5itive clod! by Anonymous Coward · · Score: -1, Troll
  3. Typical of /. by Anonymous Coward · · Score: -1, Troll

    If this was a problem with hotmail or yahoo, by now, there would have been a zillion posts trashing MS or yahoo. Since it is gmail, every post is trashing the submitter for saying firefox only and ignoring the other browsers (although that is a problem too). How typical of slashdot sheep

  4. Re:Which is the problem? by klept · · Score: 0, Troll

    To Stalus or anyone else on Slashdot. I have a couple of questions that I would deeply appreciate if they could be answered. Ok this latest hack on gmail. Is it only your contact list that they recieve. Is nothing else hacked into like your inbox, messeges sent, etc? If so, I will be lmaf. Many of my contacts are programmers, and they will not take this spam hack lying down. If anyone can track these bozos they will, and they know how to retaliate lol. Second, an earlier story had about 60 gmail account files completely deleted. Is this part of the same hack or problem? Or is it a seperate incident and as Google claimed a glitch that has been fixed? Perhaps when they corrected the "glitch" they created a "issue", like a vulnerability that caused this contact hack? Any enlightnment would be greatly appreciated. Thank you.