Google plugs hole exposing Gmail mail-boxes
Google has fixed a security flaw in its Gmail web-based e-mail service that allowed attackers to hijack users' e-mail accounts.
Google has fixed a security flaw in its Gmail web-based e-mail service that allowed attackers to hijack users' e-mail accounts.
"Google was recently alerted to a potential security vulnerability affecting the Gmail service. We have since fixed this vulnerability, and all current and future Gmail users are protected," said Google spokesman Nathan Tyler.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Tyler declined to discuss the nature of the problem, but a source close to Google confirmed that the flaw allowed an attacker to gain complete control over a user's account.
The problem was in the way Gmail authenticated users. An attacker could steal a so-called cookie file identifying the user by making use of a seemingly innocent link to Google's own website, according to a report on the website of the Israeli publication Nana NetLife Magazine.
The cookie allowed an attacker to sign on to Gmail as the victim from any computer without having to enter a password. The attacker would continue to be able to access the Gmail account even if the password were changed, according to Nana NetLife, which cited an Israeli hacker named Nir Goldshlagger.
An investigation by Google found that only a handful of Gmail users were victimised, the source close to the company said.
Google announced Gmail in April, grabbing headlines because of the massive 1Gbyte storage space provided with a Gmail account. The service is still officially in beta testing and internet users can only get accounts after receiving an invitation from a current user. Google does not disclose how many Gmail accounts it hosts.
Joris Evers writes for IDG News Service
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments