September 27, 2007
Novel Gmail Vulnerability Creates Malicious Filters
GNUCitizen outlines a Gmail hijack technique that involves injecting a filter into the victim's Gmail account. Gmail filters can do all sorts of things, including just dumbly forwarding mail to some other address.
Two things:

1. From the comments in that entry, it looks like Google's already shutting down attempts to recreate the exploit by popping up "Sorry ... your account is malfunctioning" messages.

2. The problem is a little oversold in that blog entry:

    "I repeat, it is persistent. It is very critical and very unlikely that you will detect it unless you are an uber user."

   If, by "uber user" we mean "people who use filters," because anyone who uses them and happens to look over his or her filter list will probably catch this.
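Looking over the filter list can be automated. The following is an added example, not code from this post or from GNUCitizen. It assumes the filter list is available as an Atom XML export with `apps:property` entries (the shape of Gmail's filter export; the property names `forwardTo`, `shouldTrash` and the like are assumed from that format), and the sample data and the `own_domains` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Constructed sample export: one ordinary labelling filter, and one that
# forwards every attachment to an outside address and trashes the original.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='hasAttachment' value='true'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>"""

def audit_filters(xml_text, own_domains):
    """Return (forward_address, reasons, properties) per suspicious filter."""
    findings = []
    root = ET.fromstring(xml_text)
    for entry in root.findall("atom:entry", NS):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall("apps:property", NS)}
        target = props.get("forwardTo")
        if not target:
            continue  # only forwarding filters move mail out of the account
        reasons = []
        if target.rsplit("@", 1)[-1].lower() not in own_domains:
            reasons.append("forwards outside known domains")
        if "true" in (props.get("shouldTrash"), props.get("shouldArchive")):
            reasons.append("hides the original from the inbox")
        if not any(k in props for k in ("from", "to", "subject", "hasTheWord")):
            reasons.append("no sender/recipient/keyword criteria")
        if reasons:
            findings.append((target, reasons, props))
    return findings

if __name__ == "__main__":
    for target, reasons, _ in audit_filters(SAMPLE_EXPORT, {"example.org"}):
        print(f"{target}: {'; '.join(reasons)}")
```
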
Other comments in that entry note the Firefox add-on NoScript as a potential remedy for this attack and others like it.
I use NoScript and I admire its thoroughness if not its occasional inconvenience. It's a pain to hand-clear sites ... especially ones that use JavaScript in a manner that they either fail to respond to clicks without obviously failing or whisk the user off to a 404 page if whatever automated URL generation that's supposed to happen in the page's code doesn't.
Pain or not, I'd rather deal with NoScript's occasional overprotectiveness than the alternative.
Posted by mhall at 3:04 PM