Fools spew all private data in google, online blog things are waiting for hackers to get the data.
Not only that google is big brother 2.0 on steroids, stores private data in which it is theirs to do with what they please.
Wait until these fools have their data exploited, see how willing they are to put their pictures all over a public domain with no rules. The internet is full of hackers from China, Russia, Middle East and of course Africa. Enjoy and having your identity stolen and then crying about why did it happen to me... alas lost sheep, install all google desktop searching, face books, keep blasting your data out there, people will use it to make money and they are not your 'friends' and the net is not user friendly...
Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google’s Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail’s “Change Password” function, since according to Diaz the session cookie is automatically sent by the browser in every request making the attack possible.
Google’s response came fast, and it’s in the form of - “We do not consider this case to be a significant vulnerability.” :
We’ve been aware of this report for some time, and we do not consider this case to be a significant vulnerability, since a successful exploit would require correctly guessing a user’s password within the period that the user is visiting a potential attacker’s site,” the spokesperson said. “Despite the very low chance of guessing a password in this way, we will explore ways to further mitigate the issue. We always encourage users to choose strong passwords, and we have an indicator to help them do this.
Compared to the futile password guessing attempts in order to execute the attack, nothing can replace flaw-independent approaches like social engineering. From a pragmatic perspective, malicious attackers have an extensive number of tactics to chose from if they were trying to obtain your Gmail password. Starting from plain simple phishing campaigns, and going to a more efficiency-centered approaches - remember the G-Archiver fiasco?
- Related posts: Google downplays Chrome’s carpet-bombing flaw; Google: no evidence of a Gmail vulnerability; Google fixes critical XSS vulnerability
Google’s most recently fixed flaws across its web properties include October 2008’s cross domain frame injection vulnerability, November 2008’s XSS in Google’s accounts SSL login page, and January 2009’s Google sites reflective cross-site scripting flaw.
