Yesterday the New Year brought upon us many global happenings, and bugs here at Search Engine Journal, but the biggest tech problem of January 1st may have been the exploit of a GMail weakness which exposed user web contacts.
Engadget covers:
The exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you’re logged into Gmail and browsing the web, any rogue website can declare the function “google” and then parse all your contacts.
The only way to safeguard yourself is to disable Javascript in your browser (or enabled it for trusted sites only) or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. — you know, the sites you typically have open all day long.
And from Googlefied, the original source of the story, (Googlefied also lists an FAQ list about the exploit) it seems that Google has addressed the problem:
Finally, about an hour ago or so, Google has patched the vulnerability, thoroughly, as far as I can tell. That’s like thirty hours after I notify the Google Security team. It’s new year, people.
Well, the bug has been fixed, but I guess some people will still have questions about it.
Comments
5 responses so far ↓
Sanderson on Jan 2, 2007 at 10:03 am
Hi Loren,
Many people recently complained that their gmail account got deleted, and they lost everything. They were using latest release of FF. Is this related to that? As FF allows JS by default. The information provided by you is helpful.
Thanks
Loren Baker, Editor on Jan 2, 2007 at 10:11 am
Sanderson, I do believe that the email deletion problem was totally different. I’ll look up some info on that and post a follow up comment.
Sanderson on Jan 2, 2007 at 11:03 am
Thanks Loren for that quick reply, I will wait for the follow up comment.
Loren Baker, Editor on Jan 2, 2007 at 11:52 am
Sanderson, here is some info on the vanishing Gmail data:
GigaOm
Google Groups
Sanderson on Jan 3, 2007 at 5:19 am
Thanks a lot for that Loren.
Coming back to the GMail Exploit, I am glad that it has been fixed now, as I always use JS within FF while surfing on the net. Now can do that without any threat. Thanks
Leave a Comment