Gmail allow hackers to hijack accounts on public PCs

Latest News | News Archive |

Posted by: Tweaker
Date added: 21:23, 18th December 2007 GMT
Source: Computer World News

Microsoft Corp.'s Internet Explorer (IE) browser has an unpatched vulnerability that could let hackers hijack, then access, Google Inc. Gmail accounts, a California security company warned yesterday.

IE, said Santa Clara-based Cenzic Inc. in an alert issued Monday, contains an unspecified cached files bug that when combined with a cross-site request forgery flaw in the Web-based e-mail service, exposes Gmail account sign-ons and lets others access those accounts and any messages or file attachments there.

Although not a bug that can be leveraged remotely -- an attacker must have local, physical access to the PC -- as Cenzic pointed out in its alert, there are scenarios where that's not a limitation. "These vulnerabilities could be exploited such that all users of a shared computer, who use Internet Explorer and share a user account -- a common practice at computer kiosks in a library or Internet cafe -- could be vulnerable," said Cenzic.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]