Gmail vulnerability exchange Google’s attention
By Gina on November 23, 2010 | Vulnerabilities, vulnerability, Gmail, Google, Gmail account, Google account, Gmail address, legitimate Gmail address
21 year old Armenian hacker has found vulnerability in the Google Apps Script API that enabled Gmail addresses to be used in sending messages without user’s permission or knowledge. It has to be noted, that emails were send from legitimate Gmail addresses. The way of message is still unknown but the flaw is already fixed.
An attack wasn’t malicious one. The hacker was seeking to bring public’s attention that Google wasn’t answering to his messages when he tried to contact with them and to disclose details about the vulnerability especially when Google recently announced their bounty for everyone who will find vulnerabilities in its Web services.
An attempt to show vulnerability involved Blogspot page which enabled hacker to use everyone’s email addresses that were logged in to their Gmail/Google account.
In Google's statement was said: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after.“
More Vulnerabilities news
Shocking: 9 out of 10 websites still vulnerable to old attacks
Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.- Mozilla's decision: Firefox is blocked from running unpatched Java plugins
- Facebook still is a wonderland for cybercriminals
- Microsoft talks about dangerous flaw in a Windows
- 17 high-risk flaws are fixed in Chrome; Google pays $47,500 in bug bounties
- Google bypassed Safari's No Tracking settings
- Research reveals – 4/5 of security threats come from third-party software
- Google Wallet hack revealed
- Denial-of-service flaw is fixed by Oracle
- Firefox 9.0 and four critical flaws fixed
- Major flaw of Adobe Reader and Acrobat 9.x is patched
