A security researcher has discovered a serious vulnerability in GMail that makes it possible for a malicious site to add a filter to your GMail account, which will then automatically forward all your email to another email address. Basically, the vulnerability works like this:
The victim visits a malicious page while logged into GMail. The malicious page then submits a request to GMail using the victim’s credentials; the request creates a filter which forwards all the email to a third-party address.
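A server can refuse the forged request described above by requiring something the malicious page cannot supply. The sketch below is an added example, not code from the original post or from GMail; the origin, the form field name and all function names are hypothetical. It gates a filter-creation request on an Origin check plus a session-bound token:

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions: hypothetical origin and names; this is not GMail's implementation.
TRUSTED_ORIGIN = "https://mail.example.com"
SERVER_SECRET = secrets.token_bytes(32)  # per-deployment key, kept server-side


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the application's own settings form, bound to the session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer fallback) is the app itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sends neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_filter_creation(session_id: str, headers: dict, form: dict) -> bool:
    """Gate for a state-changing request such as 'create forwarding filter'."""
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # The browser attaches the session cookie automatically, but not the token,
    # and a third-party page cannot read it, so a forged request fails here.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    sid = "session-abc123"  # constructed sample session identifier
    genuine = ({"Origin": TRUSTED_ORIGIN}, {"csrf_token": issue_csrf_token(sid)})
    forged = ({"Origin": "https://malicious.example"}, {})  # constructed sample
    print("genuine form:", allow_filter_creation(sid, *genuine))
    print("forged cross-site request:", allow_filter_creation(sid, *forged))
```

The same gate belongs on every request that changes account state, not only on filter creation.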
To be clear, cross-site scripting (XSS) attacks are nothing new, and many online applications can and do suffer from them. Simply using a different browser or operating system does not resolve the issue: when an attacker can attack the application directly, they do not need to worry about browser-specific or operating-system-specific vulnerabilities (though there are browser XSS attacks). As users, the best thing we can do is be mindful of the sites we visit and the sites we remain logged into, regularly clear cookies, and consider not remaining logged in persistently to services.
Until GMail announces that they have resolved the issue, I would recommend not remaining logged into the GMail service when visiting any sites you don’t implicitly trust.
Update: While writing this post I visited the site and refreshed. Petko had updated his site to say that this vulnerability had been resolved. I am still going to post this article as I hope it will raise awareness about this issue and get people thinking about security.