Msg#: 3204941 posted 12:51 pm on Jan 1, 2007 (gmt 0)
the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts.
Msg#: 3204941 posted 1:09 pm on Jan 1, 2007 (gmt 0)
There is a website that actually shows you,your contact list, After logging in and out, I tried it and it still shows all my contacts its not showing my email address but its showing my entire contact list.