- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Google has fixed a flaw that would have allowed Web sites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e-mail addresses.
For an attack to work, a user would have to log into a Gmail account and then visit a Web site that incorporates JavaScript code designed to take contact information from Gmail.
Proof-of-concept code was publicly posted.
The JavaScript code used a capability that Google used to integrate addressing with other services including its video download site and online office productivity suite.
Google appears to have fixed the problem within 30 hours of being notified, wrote Haochi Chen, a blogger who tracks the company on his blog.
A Google spokeswoman in London confirmed Tuesday morning the problem was fixed.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (1)
Google closes Gmail cross-site scripting vulnerabilityBy Anonymous on January 3, 2007, 11:14 pmDAMN, 30 hours! It often takes Microsoft months! Dang it, which Linux are THEY going to endorse? :) Re: This article.
Reply | Read entire comment
View all comments