E-Mail:

Gmail Security Hole: Do Not Use Web Interface

From the Windows Secrets Newsletter:

Gmail was warned for the past year about a security hole.  They chose to do nothing about it and will apparently keep doing nothing about it.

The hole is similar to cross-site scripting (XSS) but not the same.

Do not access your gmail account with a browser.  Even using the secure method (https) won’t help you.  Using secure IMAP or POP is the only safe way for the time being.

Make sure you select secure IMAP or POP.  Gmail has instructions on how to do this if you don’t already have it set up.
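As an added example (not part of the original post or of Google's own documentation), the following Python shows what "secure IMAP or POP" means in practice: the mail session runs over TLS with the server certificate and hostname verified, and the client's server settings are checked for plaintext ports or a disabled security mode. The host name and ports are the standard Gmail/IANA values; the settings dictionary shape, the `security` field values, and the account credentials are assumptions made up for this example.

```python
"""Added example: verified-TLS IMAP session plus a mail-client settings audit.
Not code from the original post. Host and ports are the standard Gmail values;
the settings dict layout and the credentials are constructed for illustration."""
import imaplib
import ssl

# Standard ports: 993 = IMAP over TLS, 995 = POP3 over TLS.
# 143 and 110 carry plaintext unless STARTTLS is negotiated on them.
IMAP_SSL_PORT = 993
POP3_SSL_PORT = 995
PLAINTEXT_PORTS = {143, 110}


def make_tls_context() -> ssl.SSLContext:
    """TLS context that validates the server certificate against the system CA
    store, checks the hostname, and refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_verified(ctx: ssl.SSLContext) -> bool:
    """True only if the context will reject unverified or mismatched certificates."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def audit_mail_settings(settings: dict) -> list:
    """Return a list of problems found in one account's server configuration.

    Expected keys (constructed for this example): protocol ('imap' or 'pop3'),
    host, port, and security, which is one of 'ssl', 'starttls' or 'none'."""
    problems = []
    proto = str(settings.get("protocol", "")).lower()
    port = settings.get("port")
    security = str(settings.get("security", "none")).lower()

    if security == "none":
        problems.append("credentials and mail would travel in plaintext")
    if port in PLAINTEXT_PORTS and security != "starttls":
        problems.append(f"port {port} is a plaintext port without STARTTLS")
    if proto == "imap" and security == "ssl" and port != IMAP_SSL_PORT:
        problems.append(f"IMAP over TLS normally uses port {IMAP_SSL_PORT}, got {port}")
    if proto == "pop3" and security == "ssl" and port != POP3_SSL_PORT:
        problems.append(f"POP3 over TLS normally uses port {POP3_SSL_PORT}, got {port}")
    return problems


def connect_gmail_imap(user: str, password: str, host: str = "imap.gmail.com"):
    """Open a verified TLS IMAP session to Gmail and log in.

    Raises ssl.SSLError on a certificate or hostname mismatch and
    imaplib.IMAP4.error if the login is refused. Requires network access."""
    conn = imaplib.IMAP4_SSL(host, IMAP_SSL_PORT, ssl_context=make_tls_context())
    conn.login(user, password)
    return conn


if __name__ == "__main__":
    # Two constructed client configurations: the secure one and a plaintext one.
    good = {"protocol": "imap", "host": "imap.gmail.com", "port": 993, "security": "ssl"}
    bad = {"protocol": "imap", "host": "imap.gmail.com", "port": 143, "security": "none"}
    print("secure config problems:", audit_mail_settings(good))
    print("plaintext config problems:", audit_mail_settings(bad))
    # connect_gmail_imap("user@example.com", "app-password-placeholder") would
    # open the real session; it is not called here so the script runs offline.
```

The audit function is the part worth keeping around: run it against whatever your client stores for each account and treat any non-empty result as a misconfiguration. The connection helper matters for the context it passes in; `ssl.create_default_context()` is what turns "use SSL" into an actual check that the server presenting the certificate is the one you intended to talk to.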

16 Comments

Thanks for the heads up! Will there be a posting when this is corrected?

[...] Don’t use the Web Interface on Gmail – there’s a security risk involved. [...]

Thank you, actually avast anti virus just picked up a malware exploit.

I’ll be sure to post an update if I hear anything. Google doesn’t seem to be in any hurry to look into it. It’s been a year already.

So is this on Windows only, or are you including Linux and Mac?

Self: I’m pretty sure it’s any platform – thanks for asking. The hack is on the remote side.

Even if it isn’t, extra security never hurts. I prefer Thunderbird on Linux, using secure IMAP or POP, but one can set this up on Win or Mac also. (Not sure if Thunderbird is available for Mac.)

Thunderbird is on Mac, but I find I like Mac Mail better… I use Windows most of the time, and I use Thunderbird and Firefox.

Ok, I see the link to the newsletter which apparently did not show up in chrome for some reason.

It looks like the cure for this is a non-standard password. Oh, and stay away from sites that could potentially be trying this, and stay on known good sites.

When you resort to IMAP or POP3, it screws up your ‘labels’ doesn’t it? Or did I miss fine print somewhere? I did try downloading to a local client, and it basically dumped everything in the Inbox.

Windows Secrets doesn’t know wtf they are talking about. The author says that CSRF exploits can intercept communication between your browser and the server. It would be nice if the author knew anything about his topic before writing about it.

Furthermore, how can anyone write about potential vulnerabilities without explaining what the vuln is, as you have done on this blog.

Gadget: sorry, I don’t use labels. They have pretty good implementation and documentation though. I’m pretty sure IMAP behaves.

Bryan: Sorry if you feel the alert and link aren’t sufficient. Feel free to send Windows Secrets a rude comment too.

Informative blog, btw. insecureweb.com

James: point before you shoot

Thanks.

[...] Don’t use the Web interface on Gmail – there’s a security risk involved. [...]


I just came across this and have two questions… pardon my ignorance on the first one…

You say, “Make sure you select secure IMAP or POP.” I don’t see an option for that within the Gmail settings or within my email clients (I use both Thunderbird and Postbox). So any tips on how to go about this or find this would be greatly appreciated.

Also, I use Google Calendar on a regular basis. Am I at the same risk while using the calendar? I am kinda assuming that I am, being signed into the account and all.

Thanks to anyone who can shed some light on either of those two issues.

Cheers,
Pendimar
