This is a truly scary story: David Airey got his domain stolen because of a Gmail vulnerability.
Short story: it was possible (it seems to be fixed now) to create filters in someone's Gmail account just by getting them to visit a link or, say, load a hidden frame on a malicious website. For example, a filter that forwards any email containing the word "password" to firstname.lastname@example.org pretty much steals everything from everyone. Long story: David's experience, or just the technical proof of concept and explanations.
Number one item on your to-do list: check your Gmail filters right now and see if there is any suspicious forward you can't remember setting up.