Gmail exploit, allows website to get your contact list.

Forum Moderators: goodroi

Message Too Old, No Replies

Gmail exploit, allows website to get your contact list.

outrun

12:51 pm on Jan 1, 2007 (gmt 0)

the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts.

[engadget.com...]

Best thing to do for now is to log out of google services and clear your cache, until the problem is fixed.

Span

12:57 pm on Jan 1, 2007 (gmt 0)

It seems they fixed it: [blogs.zdnet.com ]

outrun

1:09 pm on Jan 1, 2007 (gmt 0)

There is a website that actually shows you,your contact list, After logging in and out, I tried it and it still shows all my contacts its not showing my email address but its showing my entire contact list.

<edit>
The website:
[googlified.com.googlepages.com...]
</edit>

Span

1:28 pm on Jan 1, 2007 (gmt 0)

Not fixed indeed. Interesting. It shows the gmail address of a relative (not mine) and my contactlist..