Google quick to fix Gmail spam exploit

Powered by SC Magazine
 

Google has addressed an exploit which tried to send spam to Gmail users.

A "serious" exploit that allowed spam to be sent to Gmail users without them knowing about it has been shut down.

Google claimed it was quick to counter the exploit, which caused spam to be sent to logged-in Gmail users when they visited specially-crafted websites.

“We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account,” Google explained in a statement.

“We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”

Graham Cluley, senior technology consultant at Sophos, said the flaw was a particularly serious one, even though it appears there was no monetary reward for the scammers.

“Although this particular exploit appears to have been set up for mischief, more malicious hackers could easily have exploited the vulnerability to spread the typical money-making spam we often see or to distribute malware or a phishing attack,” Cluley wrote in a blog post.

“Security issues like this are a real concern as more and more people rely upon email communications, and their webmail providers to deliver a reliable, filtered inbox. This was a serious security hole.”

Facebook recently made a play in the email sphere with Messages, designed to be better at protecting against spam in comparison to other clients.

The social networking giant last week outlined in a blog how it had “devoted a lot of time and energy to keeping spam and other annoying or malicious communications out.”

“Most importantly, Messages uses your social connections on Facebook to ensure that the inbox only contains messages from your friends and their friends by default,” Facebook added.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Google quick to fix Gmail spam exploit
 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 961

Vote