GMail JS Security Flaw Exposes All Your Contacts


Tried to link to the original post but it seems to have gone AWOL, but Engadget does a nice job of explaining what's going on: "Gmail bug exposes your mail account to spammers"

Well, we hate to break the bad news at the dawn of the new year but there's a weakness in Gmail which exposes your email address to any web site capable of exploiting the bug. As reported on Digg, the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts.
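The leak described above, next to one common fix, as an added example that is not from the original post, Engadget, or Google's code. Only the callback name `google` comes from the article; the contact data, the `)]}'` prefix and every function name here are assumptions made for the illustration.

```javascript
// Constructed sample data (not real contacts).
const contacts = [{ name: "Alice Example", email: "alice@example.test" }];

// Vulnerable shape: the response is executable script that hands the
// data to a global function, so any page that loads it via <script src>
// while the user's cookies are sent receives the data.
function scriptResponse(data) {
  return `google(${JSON.stringify(data)});`;
}

// Hardened shape: plain JSON behind a prefix that is a syntax error
// when the body is executed as script.
const PREFIX = ")]}'\n";
function guardedJsonResponse(data) {
  return PREFIX + JSON.stringify({ contacts: data });
}

// The site's own client reads the body as text (same-origin request),
// strips the prefix and parses the rest.
function parseGuardedJson(body) {
  if (!body.startsWith(PREFIX)) throw new Error("missing anti-script prefix");
  return JSON.parse(body.slice(PREFIX.length)).contacts;
}

// Regression check for a response body you generated yourself: what would
// a page that defines the callback receive if the body ran as a script?
// new Function stands in for the browser's script evaluation here.
function dataExposedToScriptInclusion(body, callbackName = "google") {
  const captured = [];
  try {
    new Function(callbackName, body)((...args) => captured.push(...args));
  } catch (err) {
    if (!(err instanceof SyntaxError)) throw err; // unparseable body: nothing ran
  }
  return captured;
}

const leaked = dataExposedToScriptInclusion(scriptResponse(contacts));
const guarded = dataExposedToScriptInclusion(guardedJsonResponse(contacts));
console.log("script response exposes:", leaked.length, "value(s)");
console.log("guarded JSON exposes:", guarded.length, "value(s)");
```

A check like `dataExposedToScriptInclusion` fits in a test suite for any authenticated endpoint that returns user data. A per-session token in the request that another origin cannot know is the other common fix.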



I have tried it. Google still hasn't fixed it! No comment...

As I mentioned on reddit...

[sorry for the duplicate content] Cost me $40/year but that's a bargain! Awesome skinnable interface, POP3+IMAP+SSL support, syncs w/ GMail, YMail, POP3, IMAP, etc etc etc. Allows you to *effortlessly* archive your folders of mail into zip or tar.gz. 1000 MB of filesharing w/ yourself and people in your friends' list, AJAX calendar, notepad, etc, etc etc. and don't EVEN get me started on the AWESOME advanced search and *sorting* features!

Why are you using GMail when you can't even sort by sent date???? Or edit your message in raw HTML if you wanted? Or embed pics to non-technical friends? Hell, why are you stuck w/ their mostly-flat address book that can't be imported or exported very well?? With your 1 GB of file space, you can also have them host your own friggin domain on it.

GMail *sucks* compared to fastmail.
