• Здраво и добредојдовте на форумот на IT.mk.

    Доколку сеуште не сте дел од најголемата заедница на ИТ професионалци и ентузијасти во Македонија, можете бесплатно да се - процесот нема да ви одземе повеќе од 2-3 минути, а за полесна регистрација овозможивме и регистрирање со Facebook и Steam.

Хакери открија дупки во: Gmail, Blogspot и Picasa

Статус
Затворена за нови мислења.
  • Ја почнал/а темата
  • #1

LiquidWorm

Администратор
26 март 2007
2,667
183
www.zeroscience.mk
Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance

Google’s security model is not holding up very well to scrutiny from hackers.

In the past few days, there have been multiple disclosures of security vulnerabilities in a wide range of Google products, including a persistent e-mail theft issue affecting the widely used GMail service.

The unpatched GMail bug, which was demonstrated for me by hacker Petko D. Petkov, is particularly nasty because of the way the exploit works without any user action and the fact that it’s difficult for the average GMail user to know that e-mails are being stolen.

The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forward them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.

The attack technique is known as cross-site request forgery (CSRF) and has haunted Google in the past. Earlier this year, the company was forced to correct a similar flaw after details leaked out on an issue that put GMail contact lists at risk.
Повеќе: http://blogs.zdnet.com/security/?p=539

:rolleyes:
 
Статус
Затворена за нови мислења.

Нови мислења

Последни Теми

Онлајн администрација

Статистика

Теми
43,518
Мислења
822,433
Членови
28,050
Најнов член
mindifislytherin
На врв Дно