Major security hole in Gmail - Contact list

UPDATE: It has been fixed now; this hack will no longer work.


The next time you use Gmail, make sure you log out, or it's quite possible that someone else is going through your contact list. Have a look at this example: http://vivekjishtu.googlepages.com/contactlist.html

If you see a page with all your contacts, so can the spammers. The contact list can be used by spammers to harvest all the email addresses in your list. Though I really like JSON, it's just these few security issues that make AJAX a better option, at least in terms of being secure.
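
A server-side guard for the kind of exposure described above, as an added example that is not Gmail's code or code from the original post: a JSON endpoint authenticated only by cookies can be loaded by another site's `<script>` tag, while an XMLHttpRequest is held to the same-origin policy. The function names, the session store, the required header and the guard prefix are all assumptions made for illustration.

```javascript
// Added example: names, header check and prefix are illustrative assumptions.
const GUARD_PREFIX = ")]}',\n"; // makes the body a syntax error if loaded via <script src>

// Constructed sample data standing in for a logged-in user's address book.
const CONTACTS = {
  "session-abc": [{ name: "Alice", email: "alice@example.com" }],
};

// Decide how to answer a request for the contact list.
// req: { headers: {lowercase-name: value}, query: {}, cookies: {} }
function serveContacts(req) {
  const contacts = CONTACTS[req.cookies.sid];
  if (!contacts) return { status: 401, body: "" };

  // A JSONP-style callback wraps the data in a function any page can define,
  // so refuse it outright for private data.
  if ("callback" in req.query) return { status: 400, body: "" };

  // A <script> tag sends the user's cookies but cannot add custom headers;
  // a same-origin XMLHttpRequest can. Require the header.
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, body: "" };
  }

  return {
    status: 200,
    headers: {
      "content-type": "application/json",
      "x-content-type-options": "nosniff",
    },
    body: GUARD_PREFIX + JSON.stringify(contacts),
  };
}

// Same-origin client side: strip the guard before parsing.
function parseGuarded(body) {
  if (!body.startsWith(GUARD_PREFIX)) throw new Error("missing guard prefix");
  return JSON.parse(body.slice(GUARD_PREFIX.length));
}
```

The header check and the prefix are independent layers: the first stops the response from being issued to a script include at all, the second keeps the body from evaluating as JavaScript if it is served anyway.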
