All the latest UK technology news, reviews and analysis

Google plugs Gmail security hole

by Shaun Nichols

More from this author

28 Sep 2007

Be the first to comment

  • Tweet this
Gmail
An attacker could configure Gmail filters to forward any archived or future messages

Google has patched a recently reported Gmail flaw that could allow attackers to steal information from inside a user account.

The vulnerability was discovered by independent security researcher Petko Petkov, who classified it as a cross-site request forgery.

Further reading

The attack is triggered when a user visits a website containing malicious code while logged into Gmail. The code executes a special command to access the Gmail account and sets up a new filter without the user's knowledge.

An attacker could configure the filter to forward any archived or future messages with certain keywords or senders' names to another email account.

Petkov did not release any details about the attack until Google had issued a fix.

The researcher argued that the attack could be more dangerous than system-based malware because a filter could be used to pick out precise personal details, such as bank account information.

"In an age when all the data is in the cloud, it makes no sense for the attackers to go after your box," Petkov wrote. "It is a lot simpler to install one of these persistent backdoor/spyware filters."

A Google spokesperson confirmed the vulnerability to vnunet.com but stressed that no attacks had been reported.

Users looking to verify that their Gmail accounts are still secure can check their active email filters by clicking on the 'Filters' tab in Gmail's 'Settings' panel.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Field/Site Engineering Manager/Leader

Field/Site Engineering Manager/Leader Brief: Polar...

Product Manager, Open Repository (ref:BMC/PMR)

Product Manager, Open Repository (ref:BMC/PMR) End...

Java/JEE Software Developer-Dotcom/eCommerce Software House

Java/J2EE Software Developer/Programmer - Dotcom/ eCommerce...

Field/Site Engineering Manager/Leader

Field/Site Engineering Manager/Leader Brief: Polar...

To send to more than one email address, simply separate each address with a comma.