Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Politech mailing list archives

Gmail security flaw (the real reason not to use Gmail) [priv]
From: Declan McCullagh <declan () well com>
Date: Tue, 02 Nov 2004 02:04:21 -0500


-------- Original Message --------
Subject: Gmail exploit
Date: Fri, 29 Oct 2004 20:26:54 -0400
From: Adam Fields <politech0934859034 () aquick org>
To: declan () well com

For Politech, if you like

There's a Gmail exploit that allows an attacker to steal your Gmail
cookie, which thereafter identifies them as you to the system, even if
you change your password.

This seems like a huge problem for Google, above and beyond the actual
security breach. Remember that Gmail uses the same unlimited lifetime
Google cookie. The data in that cookie is, presumably, extremely
valuable for their tracking efforts, and I'd guess that this will be
difficult for them to fix in a way that maintains that.

I've blogged this:

http://www.aquick.org/blog/index.php?p=135

--
                                - Adam

-----
[ http://www.aquick.org/blog ]
[ http://www.adamfields.com ][ http://del.icio.us/fields ]
[ http://www.aquick.org/photoblog ][ http://www.aquick.org/gallery ]



_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

  By Date           By Thread  

Current thread:
  • Gmail security flaw (the real reason not to use Gmail) [priv] Declan McCullagh (Nov 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]