Comments on: Gmail contacts flaw: Overview and suggestions http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/ Learning shouldn't hurt. Let's share the insights that made difficult ideas click. Sat, 7 Nov 2009 23:27:48 -0800 http://wordpress.org/?v=2.8.4 hourly 1 By: The Cross-Site Request Forgery (CSRF/XSRF) FAQ « Dogfeeds——IT Telescope http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/#comment-247883 The Cross-Site Request Forgery (CSRF/XSRF) FAQ « Dogfeeds——IT Telescope Mon, 06 Jul 2009 08:10:55 +0000 http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/#comment-247883 [...] A vulnerability in GMail was discovered in January 2007 which allowed a attacker to steal a GMail user’s contact list. A different issue was discovered in Netflix which allowed an attacker to change the name and address on the account, as well as add movies to the rental queue etc… [...] [...] A vulnerability in GMail was discovered in January 2007 which allowed a attacker to steal a GMail user’s contact list. A different issue was discovered in Netflix which allowed an attacker to change the name and address on the account, as well as add movies to the rental queue etc… [...]

]]> By: Google Chrome + SE Linux = Navegador Blindado « Ulisses Castro (thebug) - Ethical Hacking, Pentest and Computer Security http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/#comment-198839 Google Chrome + SE Linux = Navegador Blindado « Ulisses Castro (thebug) - Ethical Hacking, Pentest and Computer Security Thu, 11 Sep 2008 21:58:12 +0000 http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/#comment-198839 [...] Com isto já podemos imaginar as possibilidades por exemplo navegar com uma aba nas páginas da intranet da sua empresa tranquilamente e em outra aba você poderia navegar pelos sites mais promíscuos do universo sem ter medo, pois são duas abas completamente isoladas e cada uma trancafiada dentro de seu próprio domínio! Será que CSRF, XSS e similares estão com os dias contados?:) Será que CSRF, similares e ataques como este por exemplo, estão com os dias contados? :( [...] [...] Com isto já podemos imaginar as possibilidades por exemplo navegar com uma aba nas páginas da intranet da sua empresa tranquilamente e em outra aba você poderia navegar pelos sites mais promíscuos do universo sem ter medo, pois são duas abas completamente isoladas e cada uma trancafiada dentro de seu próprio domínio! Será que CSRF, XSS e similares estão com os dias contados?:) Será que CSRF, similares e ataques como este por exemplo, estão com os dias contados? :( [...]

]]> By: Maria.Germany http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/#comment-125652 Maria.Germany Mon, 21 Jan 2008 15:59:27 +0000 http://betterexplained.com/articles/gmail-contacts-flaw-overview-and-suggestions/#comment-125652 Hello, I know "nothing" about programming but urgently need help! My contact list and parts of emails are spyed out (storaged in cookies)!!! Last Thursday I was logged into my gmail account when suddenly everything slowed down and certain functions like "compose" didn't work anymore. I clear out my folder "temporary internet files" once or twice a day. When gmail wasn't working properly I logged in and out and switched to the folder "temporary internet files". I saw that a CONTACT ADDRESS which I didn't use for about 3 years was part of the text of a cookie. I cleared the folder but when I logged in again there was the same cookie. Same happened with about 20 other contacts, most of them I didn't use for years! I then cleared my contact list. Then it was getting even scarier: Parts of old message and data were part of new created cookies. There are other cookies which show symbols like ?????????, %%%% or squares. The most extreme which happened then was: I did screenshots of the suspicious cookies to have some sort of documentation. I storaged these screenshots in a completely different folder. Suddenly there was in the folder temporary internet files a new jpg cookie of which the text started with ?? and then continued with the folder path! Some other cookies contain information of the registry. All this just happens when I'm logged into my gmail account. I'm completely lost cause I'm no technician at all. I don't know what to do. I tried to call up Google Germany but there's just an answering machine which says "no support". Hello,
I know “nothing” about programming but urgently need help! My contact list and parts of emails are spyed out (storaged in cookies)!!!

Last Thursday I was logged into my gmail account when suddenly everything slowed down and certain functions like “compose” didn’t work anymore.

I clear out my folder “temporary internet files” once or twice a day. When gmail wasn’t working properly I logged in and out and switched to the folder “temporary internet files”.

I saw that a CONTACT ADDRESS which I didn’t use for about 3 years was part of the text of a cookie. I cleared the folder but when I logged in again there was the same cookie.

Same happened with about 20 other contacts, most of them I didn’t use for years!

I then cleared my contact list.

Then it was getting even scarier: Parts of old message and data were part of new created cookies.

There are other cookies which show symbols like ?????????, %%%% or squares.

The most extreme which happened then was: I did screenshots of the suspicious cookies to have some sort of documentation. I storaged these screenshots in a completely different folder. Suddenly there was in the folder temporary internet files a new jpg cookie of which the text started with ?? and then continued with the folder path! Some other cookies contain information of the registry.

All this just happens when I’m logged into my gmail account.

I’m completely lost cause I’m no technician at all. I don’t know what to do.

I tried to call up Google Germany but there’s just an answering machine which says “no support”.

]]>