Monday, January 01, 2007

Major security hole in Gmail - Contact list

UPDATE: It has been fixed now; this hack will no longer work.


The next time you use Gmail, make sure you log out, or it's quite possible that someone else is going through your contact list. Have a look at this example: http://vivekjishtu.googlepages.com/contactlist.html

If you see a page with all your contacts, so can the spammers. The contact list can be used by spammers to harvest all the email addresses in your list. Though I really like JSON, it's just these few security issues that make AJAX a better option, at least in terms of being secure.
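
The JSON versus AJAX distinction above, shown from the server side as an added example. It is not Gmail's code, and the post does not give the details of the hole. The handler names, the `x-csrf-token` header, the guard prefix and the sample data are all assumptions made for illustration.

```javascript
// Constructed sample data standing in for a logged-in user's contact list.
const CONTACTS = [{ name: "Alice Example", email: "alice@example.test" }];
const SESSION_TOKEN = "tok-123"; // constructed per-session anti-forgery token

// Weak: private data returned as executable script in a caller-named callback.
// A <script src> tag on any site sends the user's cookies with the request,
// so the embedding page's callback receives the contacts.
function serveAsScript(req) {
  if (!req.cookies.session) return { status: 401, type: "text/plain", body: "" };
  const name = String(req.query.callback || "");
  const cb = /^[A-Za-z_$][\w$]*$/.test(name) ? name : "callback";
  return { status: 200, type: "text/javascript", body: `${cb}(${JSON.stringify(CONTACTS)})` };
}

// Hardened: data only. A <script> tag cannot set request headers, so requiring
// the session token in a custom header (the header name is hypothetical)
// rejects cross-site script includes. The prefix makes the body a syntax
// error if it is ever evaluated as script.
const GUARD = ")]}',\n";
function serveAsData(req) {
  if (!req.cookies.session) return { status: 401, type: "text/plain", body: "" };
  // Use a constant-time comparison in production code.
  if (req.headers["x-csrf-token"] !== SESSION_TOKEN) {
    return { status: 403, type: "text/plain", body: "" };
  }
  return { status: 200, type: "application/json", body: GUARD + JSON.stringify(CONTACTS) };
}

// Same-origin client: strip the guard, then parse as data (never eval).
function parseGuarded(body) {
  if (!body.startsWith(GUARD)) throw new Error("missing guard prefix");
  return JSON.parse(body.slice(GUARD.length));
}

// Constructed requests: a cross-site script include and a same-origin XHR.
const SCRIPT_INCLUDE = { cookies: { session: "s1" }, query: { callback: "show" }, headers: {} };
const SAME_ORIGIN_XHR = { cookies: { session: "s1" }, query: {}, headers: { "x-csrf-token": SESSION_TOKEN } };

console.log(serveAsScript(SCRIPT_INCLUDE).body);   // contacts handed to any embedding page
console.log(serveAsData(SCRIPT_INCLUDE).status);   // rejected: no custom header
console.log(parseGuarded(serveAsData(SAME_ORIGIN_XHR).body));
```
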
