Google cookies allow attacker to view contacts and emails

Posted on September 27th, 2007 by Jason Caminiti

This article discusses how an ‘ethical hacker’ Petko Petkov of GNUCitizen was able to break into gmail using the google cookie placed on your computer. 

 Cookies have always been contraversial.  I think cookies are a good thing, but they really need to be used with caution, and your personal info needs to be protected.

 Cross site scripting is a vulnerability that allows an attacker to embed code that can then be executed by a separate site.  This is something that needs to be disabled and disallowed by the browser venders.  I personally think you should only be allowed to place a cookie from the site you are generating one from.  What some adverstisers are doing is placing a cookie onto your system that allows them  to track you from their site as well.  I went to the site I wanted to go to, and cookies from them are fine.  I don’t think that a 3rd party advertising site should be able to put a cookie onto my system.  What this allows is for the 3rd party advertising site to then track me by watching what sites I go to, and then see what my trends are.  This type of marketing is OK, but I think it really has to be permission based, and not done in a hidden way.  This, I feel, is disreputable marketing.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Slashdot
  • digg
  • Technorati
  • Reddit
  • Fark
  • del.icio.us

Filed under: News, Security

Leave a Reply

« Spam is up, and it is only going to get worse… Northeastern sues Google »