Welcome to WebmasterWorld Guest from 54.196.232.162

Forum Moderators: open

Message Too Old, No Replies

Gmail Bug Exposes E-mails to Hackers

     
11:03 pm on Jan 13, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member tropical_island is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 16, 2002
posts:2744
votes: 0


From Eweek:
[eweek.com...]

By altering the "From" address field of an e-mail sent to the service, hackers could potentially find out a user's personal information, including passwords.

At first glance, to the average user the e-mail would appear normal. But by clicking "show options" within the Gmail interface, the "Reply-To" field will show HTML code that is actually a formatted version of another user's e-mail, HBX wrote on its Web site.

11:37 pm on Jan 13, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 18, 2003
posts:1925
votes: 0


Wow it's a serious issue they got!
11:39 pm on Jan 13, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 16, 2003
posts:1298
votes: 0


It has already been fixed.

[slashdot.org...]

10:57 am on Jan 14, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member tropical_island is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 16, 2002
posts:2744
votes: 0


Thanks Chndru.
6:47 am on Jan 15, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 30, 2003
posts:359
votes: 0


Such silly mistakes! and then they claim they're the most trusted service providers online.
11:25 pm on Jan 17, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 13, 2004
posts:428
votes: 0


Well really these mistakes are pretty easy to make. How many forums are there out there that still have a way of inserting arbitrary HTML? A lot. And XSS expoits are rampant. Fact is humans just do not think of everything.