Can gmail accounts be hacked through CSRF?

From: rn@xxxxxxxxx
Date: 28 Sep 2007 06:54:14 -0000

A malicious hacker can misuse Cross-site request forgery (CSRF) to redirect a copy of all your incoming emails to his account!

CSRF (also referred to as ?one click attack? or ?session riding?), is a malicious attack that transmits unauthorized commands to a website from a trusted user.

I have posted the details of this attack on:
http://www.rohasnagpal.com/blog/2007/09/27/can-your-gmail-account-really-be-hacked/

Regards,
Rohas Nagpal
Data64 LLC

Prev by Date: Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk?
Next by Date: RE: Internet usage and monitoring
Previous by thread: which routing attacks are possible
Next by thread: Performance Monitoring Software
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] [WEB SECURITY] Persistent CSRF and The Hotlink Hell
... years back would be an example of the defacement attack that Michael ... When we talk about CSRF we often assume that there is one kind only. ... POST requests on behalf of the victim? ... CSRF can be as persistent as persistent XSS (Cross-site ...
(Full-Disclosure)
Re: [Full-disclosure] [WEB SECURITY] Persistent CSRF and The Hotlink Hell
... years back would be an example of the defacement attack that Michael ... When we talk about CSRF we often assume that there is one kind only. ... POST requests on behalf of the victim? ... CSRF can be as persistent as persistent XSS (Cross-site ...
(Bugtraq)