Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Google Exploit Allows Account HiJacking

Submitted by
Rub3X
Rub3X writes "To execute the attack, the victim needs to be logged in to a Google service, and visit a specially crafted page. The page in question is on a Google sub domain, so it does look legitimate. A proof of concept page was set up to verify the claims, and successfully tested on a user of the Google services in question. With this attack you can: Get in to Google Docs and Spreadsheets application and read and modify documents saved there, Read subjects from GMail, including part of the first sentence, Access the personalized homepage, View Google Accounts page, Enter Google Reader, Read your private Google Notebook, View my complete Google search history if search history feature is enabled."

You scratch my tape, and I'll scratch yours.

Working...