By altering the "From" address field of an e-mail sent to the service, hackers could potentially find out a user's personal information, including passwords.
At first glance, to the average user the e-mail would appear normal. But by clicking "show options" within the Gmail interface, the "Reply-To" field will show HTML code that is actually a formatted version of another user's e-mail, HBX wrote on its Web site.
Such silly mistakes! And then they claim they're the most trusted service providers online.
11:25 pm on Jan 17, 2005 (gmt 0)
Well, really these mistakes are pretty easy to make. How many forums are there out there that still have a way of inserting arbitrary HTML? A lot. And XSS exploits are rampant. Fact is, humans just do not think of everything.