Google's Response To Gmail Security Vulnerability
By Philipp Lenssen
Expert Author
Article Date: 2008-12-02
Google says that recent reports on a Gmail vulnerability aren't true (Google might mean this one at GeekCondition.com, as blogged here earlier; my emphasis in the quote):
We've seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners' domains by unauthorized third parties. At Google we're committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability.
With help from affected users, we determined that the cause was a phishing scheme
Google continues to write, "Several news stories referenced a domain theft from December 2007 that was incorrectly linked to a Gmail CSRF vulnerability. We did have a Gmail CSRF bug reported to us in September 2007 that we fixed worldwide within 24 hours of private disclosure of the bug details." I contacted Brandon at GeekCondition yesterday to find out more but haven't heard back from him yet.
Comments
About the Author:
Philipp Lenssen from Germany, author of 55 Ways to Have Fun With Google, shares his views & news on the search industry in the daily Google Blogoscoped.
|
