| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 May 2009 19:35:19 +0530 From: Aditya K Sood <0kn0ck@...niche.org> To: bugtraq@...urityfocus.com, websecurity@...appsec.org, submit@...w0rm.com, submissions@...ketstormsecurity.org Subject: Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing Hi Google docs network was vulnerable to PDF repurposing attacks. The vulnerability was disclosed to Google with a discretion. This was done to mitigate the risk . Google had worked over it and patched it with in a period of 5 days. The Google doc has been refined now and the integrated support for adobe plugin is removed. The user security was the prime issue because millions of user were at risk if this attack persisted in the open environment. Integrated accounts were more susceptible as certain stolen credentials could be used to access accounts. The advisory is released here: http://secniche.org/gmd_hijack/gc_hijack.xhtml http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf Regards Aditya KS http://www.secniche.org
Powered by blists - more mailing lists