I woke up today to realize that GNUCITIZEN’s web server is bombarded with requests. Good that we are running from a scalable infrastructure. The reason for the storm was a recent disclosure of an apparently new Gmail bug similar to the one which I partially and then fully disclosed here, of course after working with the vendor to resolve the problem, which is always the right thing to do. [...]
Alright. If you have been following the Full-disclosure mailing list, you have probably stumbled across several emails which claim that one of my GMail accounts has been compromised. That is right. It did happen but I am not that surprised since I’ve been expecting it ever since I started doing security.
Why am I not pissed? [...]
In this post I am going to show you how someone can remotely install a simple, persistent filter within a GMail account and download all previous as well as snoop on all future email conversations.
The following sequence of screenshots describes how the attack works.
The victim visits a malicious page while being logged into GMail. [...]