Exploits allowing hackers to break into Gmail accounts are likely to occur, if they’re not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch.
There are steps you can take to reduce the risk of using a webmail account, but it appears that the usual tricks won’t solve the Gmail problem until Google fixes the software.
The weakness that researchers say afflicts Gmail, a free e-mail service hosted by Google, belongs to a class of attacks known as cross-site request forgery (CSRF, pronounced “sea surf”).
Besides Gmail, CSRF holes affecting YouTube, Netflix, and NYTimes.com have also been found and repaired in the past. CSRF attacks use security flaws in cookies, password requests, and other interactive Web components to intercept communications between your browser and a Web site’s server.
The first report of the Gmail problem within security circles was written by Vicente Aguilera Díaz of Internet Security Auditors (ISA) on July 30, 2007. The next day, ISA issued an alert and included a proof of concept illustrating how the exploit could be used to change a Gmail account password.
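To show what a defence against this class of attack looks like on the server side, here is an added example (not from the original article, and not Google's or ISA's code). It checks a password-change request for a session-bound token and a trusted `Origin`; the handler name, the request layout, the `mail.example` origin and the sample requests are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret (constructed)
TRUSTED_ORIGINS = {"https://mail.example"}    # placeholder origin (assumption)

def issue_csrf_token(session_id):
    """Token bound to one session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def check_password_change(request):
    """Return (allowed, reason) for a simplified request dict (hypothetical layout)."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session"
    # A browser may attach the session cookie to requests started by another
    # site, so the cookie alone does not prove who built the request.
    origin = request["headers"].get("Origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return False, "cross-site origin"
    # A page on another site cannot read the token, so it cannot supply it.
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "bad or missing csrf token"
    return True, "ok"

def sample_requests():
    """Constructed sample requests: one genuine, two forged."""
    sid = "s-1234"
    form = {"new_password": "example-only"}
    return {
        "legit": {"cookies": {"session": sid},
                  "headers": {"Origin": "https://mail.example"},
                  "form": dict(form, csrf_token=issue_csrf_token(sid))},
        "forged": {"cookies": {"session": sid},
                   "headers": {"Origin": "https://other.example"},
                   "form": dict(form)},
        "forged_no_origin": {"cookies": {"session": sid},
                             "headers": {},
                             "form": dict(form)},
    }

if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(name, check_password_change(req))
```
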