Archive for October 2004
Well, you have to give Google credit. They certainly turned this one around quickly. Per my post yesterday evening:
An Israeli publication, Nana Net Life, broke the news that a simple XSS exploit can be used to gain access to your GMail account. The exploit was not explained specifically, but in the most general terms it seems that a hacker hijacks your GMail cookie when you follow a special link that has been set up to grab your cookie. Once your cookie is captured, a hacker then has access to your GMail account, and changing your password has no effect. Workarounds? I think that not checking the "autologin for 2 weeks" button will safeguard your account.
According to InfoWorld, Google has now fixed the problem. [via InsideGoogle via theunofficialgoogleweblog]
