Cross-site request forgery vulnerability found in Gmail


Looks like Gmail has another security hole. 

This is the second major Google security vulnerability to be revealed this week. On Monday, security researcher Fernando Bedford provided a proof-of-concept exploit for a Google cross-site scripting vulnerability in Google’s Blogspot polls API that facilitated e-mail hijacking and address book sniffing. That vulnerability was fixed by Google shortly after it was reported, but it is presently unclear whether or not the vulnerability discovered by Petkov has been fixed yet.

At least these security issues bring attention to security as a whole; preventing people from becoming too lax in the area of security.

Serious cross-site request forgery vulnerability found in Gmail

Information and Links

Join the fray by commenting, tracking what others have to say, or linking to it from your blog.

Information
September 28th, 2007
No Responses
Feeds and Links
Comment Feed
From This Author
Del.icio.us
Digg
Technorati
Categories
Hot News

Other Posts

Write a Comment

Take a moment to comment and tell us what you think. Some basic HTML is allowed for formatting.

Reader Comments

Be the first to leave a comment!