DaemonForums  

Old 23rd November 2013
J65nko
'High impact' Gmail password security hole blew accounts wide open

From http://www.theregister.co.uk/2013/11...password_flaw/

Quote:
Google has fixed a "high impact" security bug in Gmail's password reset system that could have left any account wide open to a crafty hijacker.

The flaw, spotted by security researcher Oren Hafif, was exploited by sending a spoofed email that reminds the Gmail user that it's time to reset their password. Clicking on the link sends the user to a website that masquerades as a Google page and asks the user for a new password. That hacker-controlled site also initiates a cross-site request forgery attack via XSS that tricks Google into handing over the victim's login cookie.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump