Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Exploit Allows Account HiJacking

Rub3X (999771) writes | more than 7 years ago

Security

Rub3X writes "To execute the attack, the victim needs to be logged in to a Google service, and visit a specially crafted page. The page in question is on a Google sub domain, so it does look legitimate. A proof of concept page was set up to verify the claims, and successfully tested on a user of the Google services in question. With this attack you can: Get in to Google Docs and Spreadsheets application and read and modify documents saved there, Read subjects from GMail, including part of the first sentence, Access the personalized homepage, View Google Accounts page, Enter Google Reader, Read your private Google Notebook, View my complete Google search history if search history feature is enabled."

cancel ×

comment

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...