Gmail Security Flaw

I woke up today to realize that GNUCITIZEN’s web server is bombarded with requests. Good that we are running from a scalable infrastructure. The reason for the storm was a recent disclosure of apparently new Gmail bug similar to the one which I partially and than fully disclosed here, of course after working with the vendor to resolve the problem, which is always the right thing to do. [...]

more | comments | comments rss | posted by


Alright. If you have been following the Full-disclosure mailing list, you have probably stumbled across several emails which claim that one of my GMail accounts have been compromised. That is right. It did happen but I am not that surprised since I’ve been expecting it ever since I started doing security.

Why I am not pissed? [...]

more | comments | comments rss | posted by

Google GMail E-mail Hijack Technique

In this post I am going to show you how someone can remotely install a simple, persistent filter within a GMail account and download all previous as well as snoop onto all future email conversations.

The following sequence of screenshots describes how the attack works.

The victim visits a malicious page while being logged into GMail. [...]

more | comments | comments rss | posted by