Froogle Bug Gives Way to Gmail and Google Passwords

Jan 17, 2005 • 8:56 am | comments (1) by | Filed Under Google News & Finances

From last week, Froogle/Gmail Hack Warning.

An Israeli hacker has uncovered a flaw in Froogle, Google's price-comparison service, which could allow access to users' Gmail accounts. Nir Goldshlager, who discovered the flaw, warned that URL-embedded Javascript could end up causing personal information to be revealed.

If users execute the script by clicking a link, they would be redirected to a malicious website. From there, hackers can read a user's cookie. It may contain personal information, such as purchase histories, or the username and password used to access Google services - such as Gmail.

Goldshlager warned that even if the user chooses not to save the cookie, the hacker can still discover the username and password for other services such as Google Alerts and Groups because of the way that data is stored.

Brett from WebmasterWorld, in the thread discussing this topic points to the Hebrew version of the news. And it was Slashdotted here.

Previous story: Seth Godin Awakens From Long Slumber...Discovers Something Called Search Marketing
Ninja Banner
blog comments powered by Disqus