Teenage Blogger Finds Gmail Hole
cpm80 wrote to mention the news that a 14-year-old blogger has identified a security hole in the Gmail webmail service. From the Network World article: "He wrote that he was trying to e-mail JavaScript code from a Yahoo account to a G-mail account. The code will run in a preview pane, he wrote. But if the code is mailed from one Gmail account to another, it is filtered out, he said. Some visitors to the blog reported being able to replicate the findings, but others said later that they were not able to and that the supposed flaw had been fixed."
Fixed (Score:5, Informative)
Re:Security flaw? (Score:3, Informative)
Basically - you don't want someone to be able to send you JavaScript that will execute when you read a message. It can allow the attacker far too much leeway (within the confines of your browser).
Here's an (old) example [com.com] that affected Microsoft's Hotmail service that gives you an idea of why you don't want JavaScript sent to you to execute.
Less seriously - it makes it trivial for a spammer to verify that someone is opening their spam.
Re:Gmail security can be over agressive too (Score:3, Informative)
Do you get this Gmail error. (Score:2, Informative)