Submission + - Google API Allowed Attacker to Impersonate Google (net-security.org)
Orome1 writes: Details about a recently discovered and exploited vulnerability that allowed a 21-year-old Armenian hacker to harvest Gmail addresses and send to their owners a message coming from a legitimate Google e-mail address are still unknown, but the vulnerability has been patched. The attack has been perpetrated during the weekend, but it wasn't malicious in nature. The hacker just wanted to bring the vulnerability to the public's attention, because he says that he has tried to contact Google and disclose all the details, but they won't answer his e-mails.