January 15, 2005

Froogle flaw shows Gmail details


by brian_turner

A security flaw in Google’s popular e-commerce application, Froogle, has been reported, in which hackers can harvest Gmail account details.

Discovered by Israeli hacker Nir Goldshlager, and reported by Aviran Mordo in Serious flaw in Froogle Reveals Gmail Accounts:

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the userfs Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the userfs cookie, which contains personal information, such as purchase history, user name and password for Google services.

Apparently, Google stores a unique identifier on the user’s computer, which once compromised can allow the hacker to access username and password details for other Google services, such as Google News and Google Alerts.

Questions? Discuss this in our Internet Business forums for help and advice

Story link: Froogle flaw shows Gmail details

Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL
ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL

Related stories:

 

Leave a Reply




 

Previous: « Bruce Tognazzini: “10 Most Persistent Design Bugs”
Next: FBI blows $180 million on software upgrade »

Visited 2202 times, 2 so far today