
Google fixed serious security hole and very fast


2 replies to this topic

#1 Romeo29


Posted 21 November 2010 - 07:45 PM

Okay, this security hole is fixed now, but it's still security news ;)

The exploit worked like this: if you are logged into Gmail in your browser and visit a specially designed web site, then the malicious site can steal your Gmail email address and can send you an email with genuine Google headers (as if sent by Google, no spoofing).

http://techcrunch.com/2010/11/20/whoa-google-thats-a-pretty-big-security-hole/
http://www.examiner.com/technology-in-national/security-hole-allows-harvesting-of-your-gmail-address-if-you-are-logged-in



#2 T Simon


Posted 22 November 2010 - 08:54 AM

God, terrible... how long did it take before it was patched?

#3 Romeo29


Posted 22 November 2010 - 11:50 AM

The news of the exploit was hot for the whole day on the TechCrunch site (I got the news from Twitter). In the evening Google said they blocked the example exploit blog and patched the security hole. So, for the public, it lasted one whole day. But nobody knows how long the exploit finder guy from Armenia knew about this.



