Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Internet Explorer Flaw Allows Intruders to Hack Gmail Accounts

Cenzic Inc. warns users of potential hack attacks

By Bogdan Popa, Security and Search Engines Editor

19th of December 2007, 10:24 GMT

Adjust text size:


Internet Explorer on Gmail's page
Enlarge picture
Microsoft's top browser, Internet Explorer, contains a critical vulnerability that could enable an intruder, who manages to exploit it, to access the victim's Gmail account and all the information stored in it, Cenzic Inc. warned today.

"Cenzic discovered the possible Cross-site Request Forgery (CSRF) on URLs that display attachments when viewed using 'View as HTML'. CSRF,
in combination with the improper use of caching directives, could lead to leakage of sensitive information that, when used in conjunction with the vulnerability in Internet Explorer described below, could instigate cross-site scripting issues. Cross-site scripting can lead to various exploits like credential theft, that can give active unauthorized access to the system", it is mentioned in the press release published on the company's official website.

What's interesting is that an attacker is not able to connect remotely to the affected computer, so he needs physical access to it in order to be able to exploit it. Certainly, this is not a problem as there are so many Internet cafes accessed by million of Gmail members.

"These vulnerabilities demonstrate the serious threats in common services that users take for granted as being safe and secure", said Mandeep Khera, VP of marketing at Cenzic. "There's an obvious need for these threats to be handled in a proactive and timely manner. While large vendors like Microsoft and Google are being more aggressive in taking measures to protect their applications, we still have a long way to go. For smaller ISVs and corporations, the situation is more bleak when it comes to application security."

This is not the first time when Google's mail technology is affected by such a dangerous exploit. However, the Mountain View company has always been opened to communication and this matter helped it repair the problems quick and easy. Cenzic has already informed both Google and Microsoft, so we're expecting a patch or something to fix this vulnerability. Until then, a solution would be disabling the caching function of Internet Explorer, as the security company advised.

TAGS:

 ie | microsoft | google | gmail | security


Rating:
Fair (2.7/5) 8 vote(s) so far    

Read by 775 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Gmail, MSN and Yahoo Passwords Published on Public Website!

Gmail Evolves, Still Behind Yahoo Mail

Gmail Flaw Invites Hackers to Your Private Messages

Illegal Gmail Activities? Not Allowed, Duh!

Gmail Flaw Fixed, Users Now Protected

Google: Gmail Blocks Spam! OK, Just Wait to See My Account!

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive