GMail Flaw Lets Anyone Read Your E-Mail
GMail Flaw Lets Anyone Read Your E-Mail
By Scott Gilbertson September 26, 2007 | 8:06:07 AMCategories: Google, email, security
Hackers have revealed that your GMail account is vulnerable to an attack that allows malicious folks to keep tabs on your e-mail traffic. The attack uses a clever (and particularly nasty) cross-site request forgery (CSRF) to create a persistent backdoor that can be used to read your e-mail. The exploit works by creating a new filter in your GMail account, which means it can do pretty much anything GMail filters are capable of - including forward your e-mail to another account. [...]
Go check your filters now!
1.) Open up GMail.
2.) Click on the "Create a filter" link next to the "Search the Web" button.
3.) Click on the "Show current filters" link under the Subject search field.
4.) Examine your filters and delete any filter you did not create or know what it is.
Use Firefox whenever possible. Use public key encryption such as GPG and FireGPG. FireGPG is a plugin for firefox that seamlessly adds the GPG encryption capability to GMail. If your email was encrypted, you wouldn't have to worry about exploits like this. Your email may have been forwarded, but it sure wasn't read.
By Scott Gilbertson September 26, 2007 | 8:06:07 AMCategories: Google, email, security
Hackers have revealed that your GMail account is vulnerable to an attack that allows malicious folks to keep tabs on your e-mail traffic. The attack uses a clever (and particularly nasty) cross-site request forgery (CSRF) to create a persistent backdoor that can be used to read your e-mail. The exploit works by creating a new filter in your GMail account, which means it can do pretty much anything GMail filters are capable of - including forward your e-mail to another account. [...]
Go check your filters now!
1.) Open up GMail.
2.) Click on the "Create a filter" link next to the "Search the Web" button.
3.) Click on the "Show current filters" link under the Subject search field.
4.) Examine your filters and delete any filter you did not create or know what it is.
Use Firefox whenever possible. Use public key encryption such as GPG and FireGPG. FireGPG is a plugin for firefox that seamlessly adds the GPG encryption capability to GMail. If your email was encrypted, you wouldn't have to worry about exploits like this. Your email may have been forwarded, but it sure wasn't read.