Gmail exploit may allow attackers to forward e-mail
When you create a filter in your Gmail account, a request is sent to Google's servers to be processed. The request is made in the form of a URL with many variables. For security reasons, your browser doesn't display all the variables contained within the URL. Using Firefox and a plugin called Live HTTP Headers, you can see exactly what variables are sent from your browser to Google's servers.
After that, an attacker just needs to identify the variable that is the equivalent of the username.
To avoid being a victim of the vulnerability, users should check their filters often, Brandon suggests. Firefox users can download an extension called NoScript that helps prevent these attacks.
Wednesday, November 26, 2008