http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/ Giorgio Maone's answers to the Web, the Universe, and Everything Sun, 07 Sep 2008 00:29:54 +0000 http://wordpress.org/?v=2.2.3 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7962 karthi Sat, 17 May 2008 15:05:12 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7962 hmm.. so.. noscript can block this type of attack?? hey.. besides, do you feel that i'm asking too many kiddie questions?? coz, i am a new born in this field.. hmm.. so.. noscript can block this type of attack??
hey.. besides, do you feel that i’m asking too many kiddie questions??
coz, i am a new born in this field..

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7958 Giorgio Sat, 17 May 2008 13:49:12 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7958 @<b>karthi</b>: yes, they can, provided that the site is vulnerable to <a href="http://noscript.net/faq#xss" rel="nofollow">XSS</a>. @karthi:
yes, they can, provided that the site is vulnerable to XSS.

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7957 karthi Sat, 17 May 2008 12:47:11 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7957 thank you giorgio.. i read on other blog that, one can hack my pwd by making me to click an image or some other links using javascript.. is it really possible? thank you giorgio..
i read on other blog that, one can hack my pwd by making me to click an image or some other links using javascript..
is it really possible?

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7949 Giorgio Fri, 16 May 2008 07:28:27 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7949 @<b>karthi</b>: No, nothing bad happens anymore because the bug has been fixed by Google. But yes, that was how it used to work originally. @karthi:
No, nothing bad happens anymore because the bug has been fixed by Google.
But yes, that was how it used to work originally.

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7947 karthi Fri, 16 May 2008 02:07:50 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7947 @Giorgio OMG.. pls forgive my ignorance.. so, if someone opens the page when they are loggend onto gmail, the filter is set..? @Giorgio
OMG..
pls forgive my ignorance..
so, if someone opens the page when they are loggend onto gmail, the filter is set..?

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7938 Giorgio Thu, 15 May 2008 14:29:23 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7938 @<b>karthi</b>: those links are not dead, it's just the vulnerability which has been fixed. If you want to check how it used to work, you can just look at the source code: view-source:http://beford.org/stuff/contacts.htm view-source:http://beford.org/stuff/gmail.htm @karthi:
those links are not dead, it’s just the vulnerability which has been fixed.
If you want to check how it used to work, you can just look at the source code:
view-source:http://beford.org/stuff/contacts.htm
view-source:http://beford.org/stuff/gmail.htm

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7937 karthi Thu, 15 May 2008 13:42:49 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-7937 damn.. i came late to this info.. beford dot org leads me here.. the poc link for "stealing incoming messages" are dead.. where can i find more information about that? damn.. i came late to this info..
beford dot org leads me here..
the poc link for "stealing incoming messages" are dead..
where can i find more information about that?

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-6240 Future is Fiction - Just another WordPress weblog » Trust No One Wed, 20 Feb 2008 07:17:32 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-6240 [...] This is all a long lead-up to this link, from hackademix.net, about four recent security weaknesses in google. [...] […] This is all a long lead-up to this link, from hackademix.net, about four recent security weaknesses in google. […]

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-903 IT Security » Blog Archive » Gmail Cross Site Script Vulnerabilities Exposed Thu, 25 Oct 2007 14:17:20 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-903 [...] Maone’s post at Hackademix.net also reports other Google XSS vulnerabilities that have recently come to light, targeting gmail, [...] […] Maone’s post at Hackademix.net also reports other Google XSS vulnerabilities that have recently come to light, targeting gmail, […]

]]> http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-598 Rails 2.0 geliyor - ”FaikEmre” Kişisel Web Blog! Wed, 03 Oct 2007 04:15:40 +0000 http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/#comment-598 [...] . göze çarpan yeniliklerden birisi de bugunlerde google’ın da başını fena halde ağrıtan csrf ataklarına karşı güvenlik önlemlerinin alınması. yeni versiyonu denemek için gem [...] […] . göze çarpan yeniliklerden birisi de bugunlerde google’ın da başını fena halde ağrıtan csrf ataklarına karşı güvenlik önlemlerinin alınması. yeni versiyonu denemek için gem […]

]]>