03 Mar 2006
Google has plugged a vulnerability in its Gmail service that could allow an attacker to gather email addresses from a user's account and possibly gain access to the account.
A blogger by the name of 'Anthony', who claims on his blog to be 14 years old, accidentally stumbled on the flaw when he was mailing some JavaScript to his Gmail account from an outside email address.
When he opened the message in Gmail, the service executed the script. "Apparently JavaScript will run if it is within the preview of the message," Anthony wrote on his blog.
Google confirmed the vulnerability in an email to vnunet.com. "We learned of a minor security flaw in Gmail a little while ago and worked quickly to fix the problem, which has now been resolved," wrote Google spokeswoman Sonya Borälv.
Google criticised the blogger for publicly disclosing details about the flaw before notifying the company.
"We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public," said Borälv.
The blog posting went up on Wednesday at around noon. Google updated and patched its service about three hours later.
Do you agree?
Access to gmail account
I have cleaned my cache. I use Internet Explorer and McAfee Virus Scan only, no firewall settings. I have contacted tech support 3 different times again, nothing has changed. I cannot get my gmails and I am still getting the same message. I hope someone from tech support will see this and do something about it. I am not the only one having this problem, as I have seen at nine other complaints at Google help/support. I use Google Tool Bar as well. On one advice I have set IExplorer to accept cookies/ads from mail.google & www.goolgle.com, but all in vain. On the help/support site I cannot fill/tick the form as it appears partially on my monitor, so there is no way to get help. For 4 days I have been trying to access my gmail. Any help???
Posted by: Nasim Raie 17 May 2006
Yeah sure
So they want to point the blame at the kid. Google Fd up and they can't stand the heat. Minor problem, I know, but who cares he could have done whatever he wanted.
Posted by: Daniel 06 Mar 2006
new problems?
Today 4th March, been unable to access gmail at all. Is the problem bigger than we thought? Where can we get info?
Posted by: Mister.nif 04 Mar 2006
Fixed & gave guidance
I'm glad they pointed out fix first then go public. We are all lucky that this one could be fixed quickly.
Posted by: Chaplain William Nichols 03 Mar 2006