On: 2007 / 12 / 25 Viewed: 34924 times

This is a truly scary story: David Airey had his domain stolen because of a Gmail vulnerability.

Short story: it was possible (it seems to be fixed now) to create filters on Gmail just by getting the victim to visit a link or, say, load a hidden frame on a malicious website. Create a filter that forwards any email containing the word “password” to evilguy@evilhost.com, and you’re pretty much stealing everything from everyone. Long story: David’s experience, or just the technical proof of concept and explanations.

Number one item on your to do list: check your Gmail filters right now and see if there is any suspicious forward you can’t remember setting up.


This entry "Gmail Vulnerability: Has Your Account Been Compromised?" was posted on 25/12/2007 at 11:20 pm.

5 Blablas

  1. David Airey, Great Britain (UK), commented on 26/Dec/07 at 12:50 am:

    Thanks so much for helping spread the news.

    It’s a setback for me, but I know I can recover in a stronger position than before. Especially with the help of people like you.

    Have a wonderful xmas and an even better new year!

  2. lad madrigal, Philippines, replied on 30/Dec/07 at 6:19 am:

    a really really scary story.

    i’m checking my filters now.

    wishing you a prosperous new year!

    have a nice day ahead!

  3. CiberNite, United States, thought on 28/Jan/08 at 2:09 am:

    My Gmail account has been compromised and hijacked. The person who hijacked my account has gained access to personal information, bank, other accounts… They have threatened my family.

    I have been trying to contact Google and have them shut down or restore the account to myself. I have sent them as much information as they would require. However, for over a week now nothing has been done. I am still receiving emails and threats for this other person under my Gmail account.

    Pretty sad when other companies such as eBay and PayPal were eager to assist, yet I cannot get any response from Google security.

  4. Jeffery, Canada, said on 10/Feb/08 at 11:00 pm:

    Someone gained access to my Facebook account and deleted information. I changed my password and everything, but is there anything else I can do to find out what happened or who or what was behind it?

  5. Ozh, France, thought on 11/Feb/08 at 9:18 am:

    Jeffery » Sure: you can cry, pray, revolt, or even ignore everything.
