Quote:
Originally Posted by V_RocKs
No.. This dipshit used Internet cafes in India of all places and didn't expect the owners or other clients to install key loggers and other shit.
You did, or are you talking about the guy in the original article? Regardless of where he was accessing the internet, there was a confirmed security flaw with Gmail.com that allowed code from a scammer's site to control Gmail functions if you were logged in there.
This is the third major CSRF security flaw at Gmail this year alone.
The first was fixed early in the year and allowed your contact list to be seen by anyone:
http://www.cyber-knowledge.net/blog/...ist-hijacking/
Then shortly later more flaws were found that allowed access to all sorts of things:
http://blogoscoped.com/archive/2007-01-12-n73.html
The third known flaw is the one we are discussing now:
http://searchsecurity.techtarget.com...274261,00.html
Considering Google's spotty record on CSRF issues, it seems as if the only protection is to either log out before accessing any other website or just stop using Gmail entirely right now for anything serious.
We can only speculate on how safe their system currently is or if these flaws will continue to surface in 2008.