lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4A08309F.4040903@secniche.org>
Date: Mon, 11 May 2009 19:35:19 +0530
From: Aditya K Sood <0kn0ck@...niche.org>
To: bugtraq@...urityfocus.com, websecurity@...appsec.org,
	submit@...w0rm.com, submissions@...ketstormsecurity.org
Subject: Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks -
 Cookie Hijacking / Stealing


Hi

Google docs network was vulnerable to PDF repurposing attacks. The
vulnerability was disclosed to Google with a discretion.
This was done to mitigate the risk . Google had worked over it and
patched it with in a period of 5 days. The Google doc has
been refined now and the integrated support for adobe plugin is removed.
The user security was the prime issue because millions
of user were at risk if this attack persisted in the open environment.
Integrated accounts were more susceptible as certain
stolen credentials could be used to access  accounts.

The advisory is released here:
http://secniche.org/gmd_hijack/gc_hijack.xhtml
http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf


Regards
Aditya KS
http://www.secniche.org




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ