Major security hole in Gmail - Contact list

UPDATE: It has been fixed now, this hack will no longer work.


The next time you use gmail make sure you logout or its quite possible that someone else is going through your contact list. Have a look at this example http://vivekjishtu.googlepages.com/contactlist.html

If you see a page with all your contacts, so can the spammers. The contact list can be used by spammers to harvest all the email addresses in your list. Though I really like JSON but its just these few security issues that makes AJAX a better option atleast in terms of being secure.

Technorati Tags: gmail, javascript, json, ajax

Comments

Post a Comment

Popular posts from this blog

The best mobile development platform for hobbyist programmer

This is something I have been thinking for a while so here it goes. This is a list of platforms I know of and my choice of what makes sense for a hobbyist programmer like me. Let me first list down all the possible platforms and then list down the pros and cons that I feel are associated with each platform. Java ME (The platform formally known as J2ME) Windows Mobile Linux Palm Brew Symbian Blackberry iPhone iPhone Let me start with iPhone the darling of the media and blogger's till about a fortnight. I had real expectations from iPhone as a platform but the way its been going so far I would never bother developing for it. Officially there is no SDK with which one can build applications. What ever tools the community had built have been rendered useless with the iPhone 1.1.1 software upgrade . The community might be able to hack a version for 1.1.1 but without any support from almighty apple its just a cat and mouse game. With every minor release the applications
Read more

Using Voicemail with Airtel Prepaid Karnataka

Call  *321*671# to activate the service on your phone. It will ask you for permission if you want to enable it. To customize the account dial 52555 To disable voicemail dial *321*673# You can also activate it by sending out a SMS Send START VMS to 54321 for activation  Send STOP VMS to 54321 for de-activation  This post if for my own reference. If you have any questions leave a comment and if I know about it I will try and answer it.
Read more

Airtel 16Mbps for Impatient Ones

This advert can be the summed as the best in terms of making fun of the impatient ones. The new Airtel broadband is 16 Mbps but with a slight hitch. At Rs. 2999/- with a Data Transfer Limit of just 20 GB. Just listening to a few hours of music videos on Youtube should be enough to exhaust the limit in no time. Thinking of downloading torrents is something one should not even think about. Not sure who Airtel is targeting with this plan. If you bought this plan do leave a comment.
Read more