Google denies CSRF vulnerability

Nibble Gmail is safe dammit

By Nick Farrell

Wed Mar 04 2009, 13:35

SEARCH OUTFIT GOOGLE has reacted angrily to a post on the Full Disclosure mailing list claiming that Gmail has been vulnerable to a Cross-Site Request Forgery (CSRF) attack since the summer of 2007.

Researchers furious that Google had done sod-all about the problem since they warned them about it released information on the attack.

Google admitted that it had been aware of this report for some time, and did not consider this case to be a significant vulnerability.

No one has ever reported it being exploited, so go back to bed. µ

L'Inq
Tech Herald

The INQUIRER review of the year A look back at the big news stories of 2011 Friday, 23 December 2011, 08:00 AM Read more	Adobe patches critical vulnerabilities in Flash Player Attacks are already seen in the wild Thursday, 22 September 2011, 10:06 AM Read more
Chrome OS users are at risk Browser extensions are bad for you Thursday, 4 August 2011, 14:42 PM Read more	Top 25 dangerous software errors are revealed SQL injection tops the list Thursday, 30 June 2011, 15:33 PM Read more
Facebook admits hiring a PR firm to bad mouth Google Says it should have done things differently Friday, 13 May 2011, 10:02 AM Read more	McAfee is fixing security bugs on its website Insecurity firm is sweeping its own doorstep Tuesday, 29 March 2011, 14:40 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Manual/Web (XML, web appli

Manual/Web (XML, web applic...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Google denies CSRF vulnerability

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review