Sales
0161 215 3700
0800 458 4545
Support
0800 230 0032
0161 215 3711

Google plugs brace of GMail security flaws

Google plugs brace of GMail security flaws

Google fixed a brace of security holes to its web-based services last week. Each posed a serious risk for users of its popular GMail service. A flaw in Froogle, Google's price-comparison service, created a means for attackers to swipe cookies used to access GMail accounts. Israeli hacker Nir Goldshlager demonstrated how users fooled into executing script by clicking a link pointed at Froogle could be redirected to a site that steals usernames and passwords for the "Google Accounts" centralised log-in service. Google has fixed the vulnerability, preventing further theft. But Goldshlager warns that data from already stolen cookies can still be used even if the password of compromised accounts is changed. "The system authenticates the hacker as the victim, using the stolen cookie file. Thus no password is involved in the authentication process. The victim can change his password as many times as he wants, and it still won't stop the hacker from using his box," Goldshlager said, eWeek reports. Last week Google fixed a separate bug in its GMail email service that allowed attackers to snoop on users' email or obtain passwords. The security flaw was uncovered by Unix community group HBX Networks in developing code to send batches of newsletters. Email sent using this PERL code was accidentally malformed the 'From' field in such a way as to confuse GMail's systems into embed portions of someone else's HTML message back to the sender along with a test message. Some of these leaked messages contained GMail usernames and passwords; so it's just as well that Google acted quickly to plug the security hole to its popular service still officially undergoing beta testing. Google fixed the bug by adopting its service to reject the type of malformed message demonstrated by HBX Networks. UKFast is not responsible for the content of external Internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: