gmail cookie

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Gmail cookie vulnerability exposes user's privacy

Gmail cookie vulnerability exposes user's privacyGmail cookie vulnerability exposes user's privacyAnother Google vulnerability? This company is going down faster than a deflated balloon. Their blatant disregaurd for security and privacy is enough to drive anyone away from ever using their products. Here is the problem with Google, their...

Tags: E-mail providers, SECURITY, Microsoft Corp., Gmail cookie vulnerability, Gmail cookie, cookie, privacy, vulnerability, Google Inc., Google Gmail

Discussion threads 2007-09-27

Additional Resources

Google downplays severity of Gmail CSRF flaw

Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since according to Diaz the session cookie is automatically sent by...

Tags: Google Inc., Google Gmail, Password, Flaw, Vulnerability, XSS, CSRF Flaw, E-mail Providers, Cloud Computing, Security, Internet, Dancho Danchev

Blog posts 2009-03-04

Is Google Health corrupt?

Is Google Health corrupt?Google is ridiculousI don't believe anything Google says. All they do is data mine the hell out of everything. How can anyone expect any privacy whatsoever from them? It's their business model.That's why I switched from GMail to HotmailHotmail is maintained by probably the...

Tags: Data mining, E-mail providers, Business intelligence, Google Inc., cookie, privacy, Google Health, health care

Discussion threads 2009-02-06

Google: no evidence of a Gmail vulnerability

Following the speculations on the resurrection of what's thought to be an already fixed Gmail flaw which could assist in domain name hijackings, yesterday Google commented that their investigation indicated that the recent domain hijacks should be attributed to a phishing campaign, rather than to a Gmail flaw. The phishers...

Tags: Google Inc., Google Gmail, Attacker, Vulnerability, Phishing, Cyberthreats, Spam, E-mail Providers, Security, Viruses And Worms, Spam And Phishing, Internet, Dancho Danchev

Blog posts 2008-11-26

Gmail exploit lets attackers forward your email to them

Gmail exploit lets attackers forward your email to themWhat about timeouts?Shouldn't the values in the cookie become invalidated after a certain period of time? Seems obvious to me. Especially for users who enabled the SSL only feature.I'm not talking about the cookie expiring, I mean whatever it is...

Tags: E-mail providers, cloud computing, Google Gmail, attacker, e-mail

Discussion threads 2008-11-23

Gmail exploit lets attackers forward your email to them

Philipp Lenssen spotted a post by Brandon at GeekCondition that explains the general idea behind an attack that can be used to set up filters in your Gmail account without your knowledge. It's important to be aware of these kind of things so you can better protect yourself. ...

Tags: Google Gmail, Attacker, E-mail, Cookie, E-mail Providers, Cloud Computing, Internet, Garett Rogers

Blog posts 2008-11-23

Mail Goggles: an idea that goes well beyond drunk emails

There's a new GMail Labs app: Mail Goggles, by GMail engineer Jon Perlow: When you enable Mail Goggles, it will check that you're really sure you want to send that late night Friday email. And what better way to check...

Tags: Google Gmail, Jon, E-mail Providers, E-mail, Cloud Computing, Internet, Online Communications, Denise Howell

Blog posts 2008-10-08

Don't be the next Sarah Palin (security victim, not VP candidate)

Don't be the next Sarah Palin (security victim, not VP candidate)This is why professional org's. such as AICPA...warn the members that using public e-mail services could expose them to possible malpractice law suits if client info is compromised.Use a third party cloud provider and risk everything.You forgot cookiesYahoo! mail was...

Tags: Sarah Palin, security victim, Yahoo! Inc., e-mail, security

Discussion threads 2008-09-17

News to know: Windows 7 Beta; Google; $2,000 PC; Gates & Seinfeld; iTunes 8 fix

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily: Ryan Naraine: Secunia launches pay-as-you-go exploit shop Adrian Kingsley-Hughes: The $2,000 build-it-yourself gaming/video editing/photo editing PC Gallery: The $2,000 build-it-yourself gaming/video editing/photo...

Tags: Google Inc., Microsoft Windows 7, PC, Apple Inc., Video, Beta, Adrian Kingsley-Hughes, Apple iTunes, Corporate Communications, Microsoft Windows, Wiki, Marketing, Operating Systems, Software, Online Communications, David Grober

Blog posts 2008-09-12

NoScript mitigates HTTPS cookie hijacking attacks

The invaluable NoScript for Firefox plug-in just got a tad better. According to Giorgio Maone, the developer behind the popular browser extension, a new experimental feature called "Forced Secure Cookies" has been added to NoScript v1.8.0.5 to mitigate the HTTPS cookie hijacking attack vector discussed at DEFCON...

Tags: Attack, Cookie, NoScript, Ryan Naraine

Blog posts 2008-09-11

LIVE: Google Chrome Press Conference

I'm here at the Googleplex for a press conference to announce the new Google browser, called Chrome. The service will go live at 12 Noon PT today and is available for Windows Vista and XP - for now. Mac and Linux versions are coming soon. It will launch in 122...

Tags: Google Inc., Web Browser, Google Chrome, Web Browsers, Internet, Sam Diaz

Blog posts 2008-09-02

Google's Chrome browser: It's all about the ads and cookie files stupid!

For all the talk about Google's Chrome browser and whether it's a Web operating system, platform for applications and future Microsoft killer it's quite possible that folks are overthinking the search giant's intentions. Perhaps Google's browser is really about protecting its ad backside. Sure, Google's browser Techmeme--designed...

Tags: Google Inc., Advertisement, Microsoft Internet Explorer, Microsoft Corp., Web Browser, Cookie, Chrome, Google Chrome, Lindsay, Web Browsers, Internet, Larry Dignan

Blog posts 2008-09-02

GMail adds "https:"-only connections but still not by default

Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default. In the Settings tab, at the very bottom, GMail users can now select...

Tags: Google Inc., Google Gmail, HTTP, E-mail Providers, Cloud Computing, Internet, Ryan Naraine

Blog posts 2008-07-25

Taking ownership (pwnership) of content: Cross-site Scripting Google

My good friend Billy Rios pictured to the right published another interesting exploit recently.  It's a cross-site scripting exposure in spreadsheets.google.com, which is interesting because it's exploited by using the content-type returned by spreadsheets.google.com and a caching flaw on the part of Google.  Here's some details from Billy's blog: I was...

Tags: Security, Google Inc., HTML, XSS, Domain, Billy Rios, Rios, Nathan McFeters

Blog posts 2008-04-16

YOUTHERE1.com's Horizon Toolbar 4.5.176.0 (Windows)

Our Horizon Toolbar features quick access to all our individual pages (e-cards, horoscopes, cartoons, games room, virus help, etc) as well as popular sites on the web such as Hotmail, Gmail, Yahoo! Mail, MySpace, Facebook, YouTube, Digg and others. Also includes 24/7 news, e-mail notifier, radio, weather, popup blocker, cookie...

Tags: Toolbar, Microsoft Windows, Youthere1, YOUTHERE1.com, E-mail Providers, Games, Viruses And Worms, Internet, Personal Technology, Security

Software downloads 2008-03-05

Even SSL Gmail can get sidejacked

Even SSL Gmail can get sidejackedZDNet requires cookies to work...when using talkback. This is ridiculous. According to this blog, this is a security risk. Even though security is not a real issue when using talkback, requiring cookies, by this blogs own admission is not the most secure way to conduct...

Tags: SSL/TLS, Authentication/Encryption, E-mail providers, Network security, SECURITY, Last Line, SSL Gmail, SSL, Google Gmail, HTTP, KMail

Discussion threads 2008-01-31

Even SSL Gmail can get sidejacked

When Robert Graham demonstrated how Web 2.0 wasn't safe at last year's Blackhat, it was thought that at least the SSL mode HTTPS of Google Gmail would be spared from sidejacking.  That presumption now appears to be false according to this updated blog posting from Graham.  Even with SSL enabled,...

Tags: Google Gmail, HTTP, SSL, Cookie, Sidejacking, E-mail Providers, Web 2.0, Ssl/Tls, Authentication/Encryption, Network Security, Security, Internet, Networking, George Ou

Blog posts 2008-01-31

New version of Gmail starting to roll out

New version of Gmail starting to roll outLooking forwardto the new version, which I hope will come here to Stockholm within the next couple of weeks. In my opinion it is indeed a good thing the [b]Gmail[/b] interface has remained largely untouched since it was launched, but that doesn't mean...

Tags: E-mail providers, Google Gmail, Google Inc.

Discussion threads 2007-10-30

Orkut Helper 7.5 (Windows)

With its autologin feature, you can login, without entering the password again. Also, if you are logged in gmail with Remember Me On This Computer checkbox checked, you get logged into Orkut automatically on opening http://www.orkut.com. It uses the cookie of Gmail/Orkut to login. It just sees whether your Cookie...

Tags: Orkut.com, Link, Microsoft Windows, Image, Anish Sane, Social Networking, Online Communications, Marketing, Advertising & Promotion

Software downloads 2007-09-20

Greasemonkey script blocks Gmail cookie-theft attacks

Greasemonkey script blocks Gmail cookie-theft attacksTitle is a bit misleading and it's kind of a silly homage to Firefox.Greasemonkey sounds like a really complex way to bookmark https://mail.google.com. To say that it "blocks Gmail cookie-theft" kind of undermines the larger issue that this is a problem across the board....

Tags: E-mail providers, Google Gmail, Mozilla Firefox

Discussion threads 2007-08-07