Comments on: Gmail security breach

By: adam

adam — Tue, 02 Nov 2004 14:29:35 +0000

I’ve been corrected – the gmail authentication cookie is not the lifetime persistent Google cookie. However, I think this is a fairly serious issue and a good warning about the fragility of the security of web systems. Even though this exploit has been addressed since the announcement, it’s worth highlighting that any cookie that’s stored on disk is probably fairly easily stolen. I would NOT be surprised to see this be the target of a worm in the near future.

By: Guido

Guido — Tue, 02 Nov 2004 14:28:30 +0000

Fortunately, the security flaw seems to have been fixed by now:
http://www.theregister.co.uk/2004/11/01/gmail_bug_fixed/

By: Glenn Fajardo

Glenn Fajardo — Tue, 02 Nov 2004 14:26:37 +0000

I was concerned about this when I read about it. However it seems that Google has patched the problem:

http://www.macworld.com/news/2004/11/01/gmail/index.php