11 comments so far
I personally found this comment more interesting.
1 year, 7 months ago by hypocrisy
I find it interesting and all the while disturbing, although my gmail is mostly a glorified spam catcher anyway. I use it for mailing lists, sites like Jaiku, twitter, etc.
1 year, 7 months ago by edythemighty
What do you use for your email, if I may ask?
1 year, 7 months ago by hypocrisy
Hehe....Gmail >.> I do also use one hotmail address, but again, I don't do much through email, and try to make sure they don't contain too much sensitive information. There's always transactions and such.....but I try to keep those to a minimum on my end...not that I have that much money to begin with XD
1 year, 7 months ago by edythemighty
The thing here is that there might be yet another XSS-flaw floating around, and I am not feeling very comfortable knowing that there might be yet another Google 0-day bobbing around in the Internet ocean.
What you have to consider is that your address book might contain people who'll get their email-address and other contact-information exposed to those that should not have this information.
Aka; think one step further :)
1 year, 7 months ago by hypocrisy
I did think about that actually, which is why I mentioned the mailing lists, etc. All I have on that mailing list are bots. If the bots are infected and their mailing lists accessed....well, that's something the website should try and work to prevent also....
1 year, 7 months ago by edythemighty
I was referring to the Gmail address-book.
As Gmail, by default, adds those email-addresses (and names) one mails with to the address book automatically, there might be (read "is") a huge databank to harvest here for a potential abuser of the system.
1 year, 7 months ago by hypocrisy
Yes. I know I have the Cool Tool's editor gmail on my address book. I email back and forth with him from time to time to correct stuff on his articles, and sometimes offer a few other alternatives. They have a decently sized fanbase..... :S
1 year, 7 months ago by edythemighty
@krazykritter Your email-address wouldn't be an issue then. The eventual people in your address-book are however.
1 year, 7 months ago by hypocrisy
This XSS-flaw would probably apply to the Google Apps hosted domain accounts as well.
PS. Firefox's spelling function suggested "ASS" instead of "XSS" laughs
1 year, 7 months ago by hypocrisy
Well, there you go...
But if we step outside the "self-sphere" for a while, the issue here is pretty serious after all, as it is a question of accessing personal and (sometimes) sensitive data - this without the account holder knowing anything about this.
I certainly hope that this isn't true...
1 year, 7 months ago by hypocrisy