
Google News Archive Forum

    
Major Froogle/Google/Groups/Gmail Security Bug found
Brett_Tabke




msg:130245
 4:34 pm on Jan 14, 2005 (gmt 0)

If you can read Hebrew, you can read the details here:

[ynet.co.il...]

If you can't, you can read the interp report here:

[aviransplace.com...]

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user's Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user's cookie, which contains personal information, such as purchase history, user name and password for Google services.

This, the same day that they fixed another Gmail bug:
[computerworld.com...]

 

Powdork




msg:130246
 6:18 pm on Jan 14, 2005 (gmt 0)

Is there any way folks could get hold of adsense or adwords passwords this way?

paladin




msg:130247
 7:22 pm on Jan 14, 2005 (gmt 0)

Hey Brett,
As an FYI - that page in Hebrew is just a login page, not the actual article. That newspaper changed their site to subscription based a few years ago.

Alon

Yelled_Boy




msg:130248
 7:31 am on Jan 15, 2005 (gmt 0)

The ynet article also states that this kind of flaw, although not trivial to perform, is present in many major sites, and that users should be aware of any comparison sites using URL referrals with your proprietary user ID or account ID stringed to it.

Ron

webnewton




msg:130249
 7:45 am on Jan 15, 2005 (gmt 0)

[slashdot.org...]

Has been fixed.

Powdork




msg:130250
 7:59 am on Jan 15, 2005 (gmt 0)

"Has been fixed."

Did you read all of Brett's initial post?

emoshe




msg:130251
 10:15 am on Jan 15, 2005 (gmt 0)

Well, actually Ynet is still free for Israeli users; however, worldwide IPs have to subscribe. Just confirmed that with a proxy server.

Eyal

robster124




msg:130252
 2:25 am on Jan 20, 2005 (gmt 0)

Why on earth is this reported in Hebrew - only Jews can read Hebrew

walkman




msg:130253
 2:32 am on Jan 20, 2005 (gmt 0)

"Why on earth is this reported in Hebrew - only Jews can read Hebrew"

That's the language they write on their site. Anyone really interested (like Google) will find a Jew to translate it.

mattglet




msg:130254
 2:53 am on Jan 20, 2005 (gmt 0)

...only Jews can read Hebrew

Jews aren't the only people that can read Hebrew.

AAnnAArchy




msg:130255
 2:59 am on Jan 20, 2005 (gmt 0)

And some Jews (okay, LOTS of us) can't read Hebrew. But anyway, lots of high tech people are Israeli, so it stands to reason that some breaking stories will come out of Israel, and they won't be packaged all nice and tidy for Americans.

paladin




msg:130256
 3:29 am on Jan 20, 2005 (gmt 0)

For those complaining that they can't read Hebrew, remember...there are Jews/Israelis that cannot read English. So for them the only way to post/read this information is in Hebrew.

rocknbil




msg:130257
 5:22 pm on Jan 20, 2005 (gmt 0)

Edit: wrong thread, apologies all, been working too hard and late. :-)

[edited by: rocknbil at 5:49 pm (utc) on Jan. 20, 2005]

walkman




msg:130258
 5:34 pm on Jan 20, 2005 (gmt 0)

I posted this on Foo yesterday. [webmasterworld.com...]

"It wasn't yesterday, in fact this worm may have been around for months and it's just not being recognized by virus software. It apparently can even operate users' connected webcams - the perpetrator was arrested while spying on several remote comps this way. If true, this is big."

2by4




msg:130259
 7:06 pm on Jan 20, 2005 (gmt 0)

And here's the kicker, apparently although the bug has been fixed, all compromised accounts, even if the user changes their password, are still open to the crackers.

Now imagine that scenario when the next desktop search hole is found and you'll start understanding why desktop search is possibly one of the very worst ideas ever to come up, about as bad as linking IE to the guts of Windows through ActiveX etc. Some ideas are just intrinsically bad.
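
The concern in the last post above, that a copied cookie keeps working after the password is changed, is commonly addressed by binding each session to a per-account counter that a password change increments. A minimal Python sketch, added here as an illustration and not code from Google or from any poster; the cookie layout, function names and in-memory account table are assumptions, and usernames are assumed not to contain `|`.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key, kept server-side only
ACCOUNTS = {}  # constructed demo table: username -> {"salt", "pw_hash", "epoch"}

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sign(username, epoch, nonce):
    msg = f"{username}|{epoch}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def create_account(username, password):
    salt = secrets.token_bytes(16)
    ACCOUNTS[username] = {"salt": salt, "pw_hash": _pw_hash(password, salt), "epoch": 0}

def change_password(username, new_password):
    acct = ACCOUNTS[username]
    acct["salt"] = secrets.token_bytes(16)
    acct["pw_hash"] = _pw_hash(new_password, acct["salt"])
    acct["epoch"] += 1  # revokes every cookie issued earlier, including copied ones

def issue_cookie(username, password):
    # Returns a cookie value bound to the account's current epoch, or None.
    acct = ACCOUNTS.get(username)
    if acct is None or not hmac.compare_digest(acct["pw_hash"], _pw_hash(password, acct["salt"])):
        return None
    nonce = secrets.token_hex(8)
    epoch = str(acct["epoch"])
    return f"{username}|{epoch}|{nonce}|{_sign(username, epoch, nonce)}"

def validate_cookie(cookie):
    # Returns the username only if the cookie is authentic AND from the current epoch.
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    username, epoch, nonce, sig = parts
    acct = ACCOUNTS.get(username)
    if acct is None or not hmac.compare_digest(sig.encode(), _sign(username, epoch, nonce).encode()):
        return None
    # A cookie issued before the last password change carries a stale epoch.
    return username if epoch == str(acct["epoch"]) else None
```

Setting the cookie with the `HttpOnly` attribute additionally keeps page script from reading it in the first place.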


All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved