Comments on: GMail Vulnerable To Contact List Hijacking

By: taj

taj — Tue, 18 Mar 2008 07:50:59 +0000

hi there,
when ever i open a picture in my gmail account. i can still open that picture from the history even after loggin out from the Gmail. how do i stop it

By: psychodeath

psychodeath — Wed, 12 Mar 2008 19:06:04 +0000

I didn’t get it… the ‘exploit’ is showing you info stored on your computer, and sent FROM a server TO your computer, but it is at no point sending private data from your PC to a third party… which is exactly what javascript is supposed to do… am I missing something here? is it so ridiculously simple to somehow send this client-side data somewhere that they didn’t bother to show us how…?

By: 3Monkeys

3Monkeys — Tue, 02 Jan 2007 22:26:18 +0000

Being a Linux user, I rarely have to worry about viruses, worms or spyware, though sometimes, as with the recent GMail hack, I do. Therefore, I subscribe to several computer security related RSS feeds and this one scrolled by earlier today, ‘Happy New Year’ Worm Gains Ground.

By: Alex Bailey

Alex Bailey — Tue, 02 Jan 2007 04:54:54 +0000

[quote comment="5460"]google ({
Success: false,
Errors: []
})[/quote]

Please see cyber-know...now-fixed/

By: merkelcellcancer

merkelcellcancer — Tue, 02 Jan 2007 03:33:52 +0000

google ({
Success: false,
Errors: []
})

By: Uncle

Uncle — Mon, 01 Jan 2007 20:58:58 +0000

Doesnt work on Vista.

By: Yasser

Yasser — Mon, 01 Jan 2007 16:09:38 +0000

Im pretty sure there will be more to come, its just a matter of time.

By: Leion

Leion — Mon, 01 Jan 2007 16:01:18 +0000

This is so cool!
I never close my gmail tab on my firefox. I think I need to change my habits a bit

By: crill

crill — Mon, 01 Jan 2007 15:52:33 +0000

Works with Firefox only.
With IE7 and Opera it doesn’t work.

By: Haochi

Haochi — Mon, 01 Jan 2007 14:21:39 +0000

Hi, I am the one that found the bug.
First of all, I am sorry if it causes any inconvenience, or if it make you feel insecure of Gmail. I apologize.
The intention that I submitted to Digg was only to Google’s attention to fix the bug, since I have contact them for hours, and they have failed to done so. (and the bug hasn’t yet be fixed.)
I would have never ever think of any one would paste the clear code out, although it’s encoded a little, but I know that it’s easy to decode – Firefox comes with a cool feature. :)
Once again, sorry to anyone for any inconvenience and sorry for this new year’s gift to Google.

By: Atfor Nohcud

Atfor Nohcud — Mon, 01 Jan 2007 13:54:10 +0000

I can never understand why people have to use these lists and address books that you find in popular programs for novices such as outlook express.
You are looking for “trouble on the fairway”.
Anything that is popularily used by default is bound to be a target.
Other than if you are running a big multi million dollar enterprise with tons of employees and committees why take the chance of being hit.
What is so hard about sending email manually ?

By: mesuot

mesuot — Mon, 01 Jan 2007 13:22:26 +0000

[quote comment="5345"]function google(a){ var emails; emails = "" emails = "" a.Body.Contacts[0].Email " " for(i=1;i<a>" a.Body.Contacts[i].Email ""; } emails = "" document.write(emails); }

[/quote]

don’t forget the plus signs, and it’s working like a charm.

By: Vibes

Vibes — Mon, 01 Jan 2007 13:09:50 +0000

The cross scripting on gmail contact list work also on safari under mac os x…

By: Michael

Michael — Mon, 01 Jan 2007 13:07:28 +0000

ouch, this is amazing and nothing can be done to fix this or is gmail using this to build their own mega contact list?

By: Tiago

Tiago — Mon, 01 Jan 2007 12:40:39 +0000

Hi.. Could someone help out?
After opening googlified...ctlist.htm
the email marked with [……..