Froogle/Gmail Hack Warning
Neowin.net reports:
Thanks to Aviran on BPNAn Israeli hacker has uncovered a flaw in Froogle, Google’s
price-comparison service, which could allow access to users’ Gmail
accounts. Nir Goldshlager, who discovered the flaw, warned that
URL-embedded Javascript could end up causing personal information to be
revealed.If users execute the script by clicking a link, they would be redireted
to a malicious website. From there, hackers can read a user’s cookie.
It may contain personal information, such as purchase histories, or the
username and password used to access Google services – such as Gmail.Goldshlager warned that even if the user chooses not to save the
cookie, the hacker can still discover the username and password for
other services such as Google Alerts and Groups because of the way that
data is stored.
View: Neowin discussion thread
Well, what can I say… I hope they fix it soon!
