Gmail security hole found and fixed

A bug of Gmail has been found which, if being abused, could give you access to any account. The bug was discovered in 14 Oct, by Anelkaos of elhacker.net. Anelkaos reported it to Google, which then fixed the bug 4 days later.

I have a very quick look at the hacking procedure. If I understand that correctly, it involves using an victim’s partial "authentication string" - something like session ID or the long, seemingly random string sometimes you could see in URLs - to fake Gmail into believing that you were logged in as the victim. The procedure looks complicated, but can definitely be eased by a script or something.

Anyhow, it is glad that Google has fixed it rather quickily.



VIVA INDONESIA CODER TEAM
Get The Code and Fell The SOUL