Scary Gmail Zero-Day Exploit
This should rattle your cage: a frighteningly easy zero-day exploit using Google Gmail. It works like this. Someone logs into their Gmail account, then visits a malicious site during the session. The bad site creates a rogue filter in their e-mail account and redirects all their e-mail to the attacker.
The exploit was uncovered by Petko Petkov, a web pen tester in the UK. The technique is called cross-site request forgery (CSRF), and Petkov posted details on the Gnucitizen web site.
Ryan Naraine had more details on his Zero Day blog.
1 Comment:
I tried it and it works transparently - time to get 'neurotic' about verifying your filters for GMail on a regular basis.