Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

GMail Exploit Is Now Fixed

Rub3X (999771) writes | more than 7 years ago

Google

Rub3X writes "Earlier I reported that Google had a flaw in which it stores contact details in a JavaScript file on their server. A website could in return declare the function "google", and put all your contacts and their details into an array. From there it could have been parsed and sent to the malicious server using Ajax. Earlier today there were reports on zdnet that said the flaw was fixed, however at the time it wasn't true. Currently as of 8 PM EST the flaw has been fixed. When attempting to execute the attack, all you get is a blank page now. Visiting the old page on Google that revealed all the data in an XML file now gives an error. If you don't get the error log out of Google's services and back in."

cancel ×

comment

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...