Like your Gmail account? Consider it a sacred place which must be protected from spammers at all cost? Yeah, us too. Well, we hate to break the bad news at the dawn of the new year but there’s a weakness in Gmail which exposes your email address to any web site capable of exploiting the bug. As reported on Digg, the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you’re logged into Gmail and browsing the web, any rogue website can declare the function “google” and then parse all your contacts. The only way to safeguard yourself is to disable Javascript in your browser (or enabled it for trusted sites only) or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Reader, Calendar, Analytics, etc. — you know, the sites you typically have open all day long. For obvious reasons, we will not link directly to the site which demonstrates the exploit on your personal account due to the risk of running possibly malicious code. However, we tested it and found our most precious account — and those of our contacts — correctly identified and ready for harvest. But hey, even though Gmail has been out since 2004, it is still “beta”… right?
Posted under Tech News
This post was written by Nicki on January 1, 2007
Samantha Jones on 
Samantha Jones on 
Ivan on 
