A vulnerability in Gmail that lets the bad guys access and manipulate filters in your Gmail account has once again reared its ugly head according to a recent post on GeekCondition.
The exploit, similar to the one David Airey was a victim of in December 2007 when his site was hijacked, caught our attention thanks to Philipp Lenssen's post this morning over on Blogoscoped. While the general consensus is that Google had fixed the vulnerability, turns out it's still there.
How the Gmail Exploit Works
It begins when you visit a malicious site while logged into Gmail. Whether the link is initiated through your Gmail account or not, the malicious site can access your internal credentials.
The malicious site then, unbeknownst to you, can create an automatic filter that diverts your e-mail to a different e-mail account. Given all this happens on Google's mail servers, you are none the wiser until you look at your filters. A detailed write up about this process is available at GeekCondition: Gmail Security Flaw Proof of Concept.
keyboard shortcuts: V vote up article J next comment K previous comment