Google Patches Vulnerability Impacting Gmail Accountholders
Google has just released a security patch for a flaw that, if exploited, could afflict Gmail users with spam when they visited a maliciously crafted website. TechCrunch was the first to report the flaw, announcing the discovery on November 20, 2010, after a person named Vahe G. built a website that abused the bug. EWeek published this on November 22, 2010.
In fact, Vahe built the website after Google did not reply to his e-mails. As a result, accountholders who merely visited the website while their Gmail accounts were open were affected. The website also worked regardless of whether the user was running Google Chrome's "Incognito" mode. EWeek Europe published this on November 23, 2010.
Encouragingly, Google resolved the issue quickly, before anyone exploited it to send junk e-mails to Gmail accountholders. Google said it promptly fixed the problem in the Google Apps Script API, which could allow e-mails to be sent to Gmail accountholders without their consent, but only when they opened a maliciously crafted website while accessing their personal accounts. The site that demonstrated the problem was immediately removed and deactivated, Google continued, adding that it encouraged those who find possible security issues in software to disclose them responsibly to email@example.com. Examiner.com reported this on November 22, 2010.
Commenting on the problem, Graham Cluley, Senior Technology Consultant at Sophos, blogged that spammers could have used the vulnerability for a fine payday. EWeek reported this. Cluley continued that although the exploit was apparently created as a prank, hackers with more malicious intent could easily have exploited the flaw to distribute the standard money-extorting spam, to carry out a phishing attack, or to spread malware. He speculated that users would be very likely to follow a web link when they saw that Google had indeed sent it, consequently putting their private information at risk.
Security problems of this type, Cluley concluded, were really worrisome as people increasingly depended on e-mail communications and on their webmail hosts to provide inboxes that were filtered and reliable.
» SPAMfighter News - 03-12-2010