Other Gmail Security Flaws?

    September 26, 2007

Whenever you hand over your sensitive daily tasks, such as email, word processing, and spreadsheets, to an online provider, you’ll always have that nagging doubt about security.

Surely though, if that provider is Google, you never have to fear for the security of your data. Right?

As ESPN’s Lee Corso would say: “Not so fast!”

It appears that Google had to fix a major flaw that allowed hackers to infiltrate Gmail and set up a filter to forward all email to the account of their choice. Here’s how it works…

The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim's filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.

Go check this now. We’ll be right here when you get back!
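One way to run that check over a whole filter list, as an added example that is not part of the original post: the script below scans a Gmail filter export for rules that forward mail to an address you do not recognize. It assumes the Atom/XML layout of Gmail's filter export file (`apps:property` elements, with forwarding stored under the name `forwardTo`); the sample export and every address in it are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed from the layout of a Gmail filter export file.
ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample export: one harmless label rule, one injected-looking
# "has attachment -> forward" rule, and one forward the owner set up.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='hasAttachment' value='true'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='subject' value='invoice'/>
    <apps:property name='forwardTo' value='me@example.org'/>
  </entry>
</feed>"""


def forwarding_filters(export_xml, trusted=()):
    """Return (destination, match_criteria) for each filter that forwards
    mail to an address not listed in `trusted`."""
    trusted = {addr.lower() for addr in trusted}
    findings = []
    for entry in ET.fromstring(export_xml).iter(ATOM + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.iter(APPS + "property")}
        dest = props.pop("forwardTo", None)
        if dest and dest.lower() not in trusted:
            findings.append((dest, props))  # remaining props = what it matches
    return findings


if __name__ == "__main__":
    hits = forwarding_filters(SAMPLE_EXPORT, trusted=["me@example.org"])
    for dest, criteria in hits:
        print(f"unexpected forward to {dest}; matches: {criteria}")
```

Any filter it reports should be deleted from the filter list, since the rule keeps forwarding mail even after the underlying flaw is patched.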

Ok, you weren’t one of the victims? Good for you! But, it does make you wonder just how safe and secure your information is, doesn’t it?